Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!ames!ucbcad!ucbvax!decvax!dartvax!uvm-gen!hartley
From: hartley@uvm-gen.UUCP (Stephen J. Hartley)
Newsgroups: comp.unix.questions
Subject: Re: Re: setuid shell scripts
Message-ID: <460@uvm-gen.UUCP>
Date: Mon, 1-Dec-86 09:57:29 EST
Article-I.D.: uvm-gen.460
Posted: Mon Dec  1 09:57:29 1986
Date-Received: Wed, 3-Dec-86 22:08:31 EST
References: <1250@cit-vax.Caltech.Edu>
Organization: EMBA Computer Facility, Univ. of Vermont, Burlington.
Lines: 16

< Summary: unconditionally insecure
< Posted: Sat Nov 29 23:25:37 1986
< 
< In case it is not COMPLETELY clear yet:  the example can be shortened to
< 	#!/bin/sh
< 
< i.e. no commands at all, and it still gives the opportunist an unrestricted
< setuid shell, just by running it with argv[0] starting with "-", which can
< be typed in a few seconds.  This is true of both sh and csh, with or without
< -f.  The only way to prevent this abuse is to not allow execute access.
< 
Does this hole still exist in 4.3 BSD?  I thought it had been fixed.
-- 
	Department of Computer Science and Elec. Eng.	Stephen J. Hartley
USENET:	{decvax,ihnp4}!dartvax!uvm-gen!uvm-cs!hartley	University of Vermont
CSNET:	hartley%uvm@csnet-relay				(802) 656-3330, 862-5323