Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84 SMI; site sun.uucp
Path: utzoo!watmath!clyde!cbosgd!ihnp4!qantel!lll-crg!lll-lcc!vecpyr!amd!amdcad!decwrl!sun!guy
From: guy@sun.uucp (Guy Harris)
Newsgroups: net.unix,net.unix-wizards,net.micro.att,net.bugs.usg
Subject: Re: Sv.2 suid bits
Message-ID: <3045@sun.uucp>
Date: Thu, 28-Nov-85 16:09:54 EST
Article-I.D.: sun.3045
Posted: Thu Nov 28 16:09:54 1985
Date-Received: Sat, 30-Nov-85 06:52:39 EST
References: <123@rexago1.UUCP> <1161@ihuxw.UUCP>
Distribution: net
Organization: Sun Microsystems, Inc.
Lines: 35
Xref: watmath net.unix:6450 net.unix-wizards:15917 net.micro.att:721 net.bugs.usg:388

> > On SV.2 (3b2, pc7300 (Safari)) suid bits do not work on shell scripts.  Am
> > I just silly or don't I remember them working on 2 other UN*X-ish (TNIX,
> > XENIX) environments?
> 
> Suid bits on shell scripts don't work on any machine I have ever used. 
> This includes PDP-11/70, Vax, 3b20, U370, PC7300.  It is frustrating,
> but I have wound up making up a little C program which execs the shell. 
> The C program has the suid bit set...

Set-UID bits don't work on shell scripts, in general, because for them to
work the shell'd have to be running set-UID.  If you're running a shell as
yourself, and it tries to run a shell script which is set-UID to "root", how
would it be able to get "root"s privileges?  And if *it* could get root
privileges, what would prvent some program you wrote like

	main()
	{
		system("rm -rf /");
	}

from getting them as well?

In some systems (4.1BSD, 4.2BSD, Version 8, and some others which have added
this feature - originally concocted by Dennis Ritchie), you can have the
kernel detect a shell script and run a shell (or other interpreter) on that
script.  In this case, you *can* have set-UID shell scripts; the kernel is
trusted code (yuk yuk) and can give the shell it's firing off to run the
set-UID script the appropriate privileges.  However, there is a horrible
security hole in this; I think there's a fix, but I don't know if it closes
all the holes, and it involves changing any and all shells and other
interpreters - a minor change, but still a change, and you need source to
change it.  So don't set up set-UID shell scripts if you don't trust your
user population.

	Guy Harris