Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!elsie!ado
From: ado@elsie.UUCP (Arthur David Olson)
Newsgroups: comp.unix.questions
Subject: Re: setuid shell scripts
Message-ID: <7293@elsie.UUCP>
Date: Tue, 2-Dec-86 23:11:21 EST
Article-I.D.: elsie.7293
Posted: Tue Dec 2 23:11:21 1986
Date-Received: Wed, 3-Dec-86 06:04:20 EST
References: <13@houligan.UUCP> <1112@decuac.DEC.COM> <416@gouldsd.UUCP> <1061@ihdev.UUCP>
Organization: NIH-LEC, Bethesda, MD
Lines: 26
Summary: for those without source. . .

> *Never* have setuid shell scripts on a BSD4.x system unless a)
> you don't care who breaks into your machine (some people don't) or b)
> you have installed a kernel-kludge to plug the security hole. Does
> anyone have diffs for this they can post?

For those without kernel source but with a compelling need for set-user-id
script, a workaround is to begin scripts this way:

	#! /bin/sh /the/name/of/the/script/itself
	shift

So, for example, a script named "/etc/adduser" would begin

	#! /bin/sh /etc/adduser
	shift

Of course, you still get to deal with PATH, IFS, and other such issues
in the script itself.
--
	UNIX is a registered trademark of AT&T.
	PATH is a trademark of the Port Authority Trans-Hudson.
	The set-user-id bit is a patented inspiration of Dennis Ritchie.
	Sh is a trademark of the American Librarians Association.
--
	UUCP: ..decvax!seismo!elsie!ado		ARPA: elsie!ado@seismo.ARPA
	DEC, VAX, Elsie & Ado are Digital, Borden & Ampex trademarks.
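
Added example, not part of the original post: a POSIX sh check that a script begins with the two-line preamble described above, plus a sweep that reports set-user-id scripts under a directory together with that verdict. The function names, the verdict strings and the requirement that the path be absolute are assumptions of this example.

```sh
# Added example; not code from the original post.
# check_preamble FILE [INSTALLED_PATH]
#   Prints a verdict; returns 0 only when FILE begins with
#       #! <interpreter> <INSTALLED_PATH>
#       shift
#   INSTALLED_PATH defaults to FILE and must be absolute (an assumption of
#   this example, following the post's "/etc/adduser" illustration).
check_preamble() {
    cp_file=$1
    cp_want=${2:-$1}
    case $cp_want in /*) ;; *) echo "path-not-absolute"; return 1 ;; esac
    [ -r "$cp_file" ] || { echo "unreadable"; return 1; }
    cp_l1='' cp_l2=''
    { IFS= read -r cp_l1 || :; IFS= read -r cp_l2 || :; } < "$cp_file"
    case $cp_l1 in '#!'*) ;; *) echo "not-a-script"; return 1 ;; esac
    # Split the text after "#!" into interpreter, first argument, remainder.
    read -r cp_interp cp_arg cp_extra <<EOF || :
${cp_l1#??}
EOF
    if [ -z "$cp_arg" ]; then echo "missing-path"; return 1; fi
    if [ "$cp_arg" != "$cp_want" ] || [ -n "$cp_extra" ]; then
        echo "wrong-path"; return 1
    fi
    if [ "$cp_l2" != "shift" ]; then echo "missing-shift"; return 1; fi
    echo "ok"
}

# audit_dir DIR: list set-user-id scripts under DIR with their verdicts.
# DIR should be absolute; file names containing newlines are not handled.
audit_dir() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r ad_f; do
        ad_v=$(check_preamble "$ad_f") || :
        [ "$ad_v" = "not-a-script" ] || printf '%s\t%s\n' "$ad_v" "$ad_f"
    done
}

# Run a sweep when a directory is given on the command line.
[ "$#" -eq 0 ] || audit_dir "$1"
```

The optional second argument lets a staged copy be checked against the path it will be installed at, for example `check_preamble ./adduser /etc/adduser`.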