From: utzoo!decvax!cca!ptb@Mitre-Bedford@sri-unix
Newsgroups: net.unix-wizards
Title: Security flaw and fix for C Shell Setuid Programs
Article-I.D.: sri-unix.4282
Posted: Sun Nov 21 17:16:00 1982
Received: Mon Nov 22 04:10:36 1982

Date: Thu Nov 18 13:48:03 1982
The C shell interface can be used to make shell programs that run setuid to
any uid (even root).  However, there are a few different security problems
that can result.  One of these has been pointed out earlier, that it is
possible for someone to substitute one of their commands with a strange PATH
variable.  The fix for this has already been addressed, so I wont go into it
now.

There is another potential exposure that seems to be unique to the C shell,
and how it can run setuid programs.  The environment variable "HOME" is not
changed upon executing the C shell, and therefore the user's own .cshrc is
executed before the C shell program takes control.  This can cause all kinds
of problems.  To prevent it, do the following:

1)      Have the first line be "#! /bin/csh -f" to supress the execution of
the .cshrc file; and
2)      Also use the "setenv HOME /" command to protect subsequently invoked
commands.

						Peter Baldwin
						Mitre-Bedford System Software