Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!cbosgd!ihnp4!qantel!dual!lll-crg!seismo!brl-tgr!gwyn
From: gwyn@brl-tgr.ARPA (Doug Gwyn)
Newsgroups: net.unix-wizards
Subject: Re: what are the implications of shell doing setuid(getuid())?
Message-ID: <1532@brl-tgr.ARPA>
Date: Mon, 16-Sep-85 17:03:01 EDT
Article-I.D.: brl-tgr.1532
Posted: Mon Sep 16 17:03:01 1985
Date-Received: Thu, 19-Sep-85 06:35:17 EDT
References: <2581@pegasus.UUCP>
Organization: Ballistic Research Lab
Lines: 12

> I was recently asked what the implications would be of having the shell do a
> setuid(getuid()) and setgid(getgid()) as soon as it's invoked. The reason is
> to try and plug up any security holes caused by set[ug]id programs that
> invoke system(3C) or popen(3S). What tools are there that anyone knows of
> that would be broken if this change were made, locally, or for real?

cpio, find, & sdiff all use popen() and tar uses system(). Your proposed
change could break their operation when these utilities are run privileged.

There are many other loopholes of equal or greater concern than "sh -c"
that your shell mod would not take care of. This seems like the wrong
place to try to enforce security.
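
An added example, not part of the original post or thread: one way a set[ug]id program can give up its privilege itself before running a helper, and run it without "sh -c", rather than depending on the shell to call setuid(getuid()). The names `drop_privileges` and `run_dropped`, the fixed PATH and the sample command in `main` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: permanently give up set-uid/set-gid privilege.
 * Group first: once the uid is dropped, setgid() may no longer be allowed. */
static int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    /* Check the result instead of assuming the calls took effect. */
    if (geteuid() != getuid() || getegid() != getgid())
        return -1;
    return 0;
}

/* Hypothetical helper: run `path` with `argv` directly (no shell), in a
 * child that has dropped to the real ids and sees a fixed environment.
 * Returns the child's exit status, or -1 if fork/wait fails or the child
 * did not exit normally. */
static int run_dropped(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);            /* refuse to run the helper privileged */
        execve(path, argv, clean_env);
        _exit(127);                /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const args[] = { "id", NULL };   /* constructed sample command */
    int rc = run_dropped("/usr/bin/id", args);

    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The parent keeps its effective ids, so the rest of the program still runs privileged where it needs to; only the child that execs the helper is dropped.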