Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!gorodish!guy
From: guy%gorodish@Sun.COM (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: device file non-protection - and suid scripts
Message-ID: <30069@sun.uucp>
Date: Mon, 5-Oct-87 20:30:21 EDT
Article-I.D.: sun.30069
Posted: Mon Oct 5 20:30:21 1987
Date-Received: Thu, 8-Oct-87 07:24:26 EDT
References: <9615@brl-adm.ARPA> <7525@steinmetz.steinmetz.UUCP>
Sender: news@sun.uucp
Lines: 28

> A related example is that uid 0 can always open and write to *device*
> files (/dev/widget etc.) even when the files are mode 000 (various
> versions of SunOS and Ultrix). We wanted a program to be able to
> "lock" devices sufficiently to prevent even an SA from accidently
> using them.

As far as I know, *all* UNIX systems work this way; "root" is given read and
write permissions on all files.

> SunOS 3.2 closed this particular hole for csh (but not sh) suid
> scripts, but I still wouldn't put one on my system.

If it's the security hole I think you're referring to, it's closed for "sh"
scripts as well. Note the "#!" lines in shell scripts in 4.3BSD.

(Credit where credit is due: the C shell version of this hole was closed in
the 4.3BSD C shell. SunOS 3.2 picked up this version of the C shell.) Another
similar security problem was also fixed in 4.3 by changes to the way the
"exec" family of system calls handles "#!"; this fix was also picked up by
SunOS 3.2.

However, your continuing concern is justified; somebody showed me a security
hole with set-UID shell scripts that isn't fixed in 4.3. This one would be
painful to fully fix.

	Guy Harris
	{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
	guy@sun.com
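
An added example, not part of the original post or of any system it mentions: a POSIX shell audit that lists set-UID or set-GID regular files whose first two bytes are "#!", which are the set-UID scripts this thread is concerned about. The function names are hypothetical, and the scan assumes file names without embedded newlines.

```shell
#!/bin/sh
# Added example: find set-UID / set-GID interpreter scripts so they can be
# reviewed or replaced. Function names are hypothetical.

# is_script FILE: succeed if the first two bytes of FILE are "#!".
# Unreadable files produce no output from dd and are treated as non-scripts.
is_script() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = '#!' ]
}

# find_setid_scripts DIR: for every regular file under DIR (same file system
# only) with the set-UID or set-GID bit, print "path<TAB>first line" if the
# file is an interpreter script. The first line shows which interpreter and
# argument the kernel would be handed, so each hit can be checked by hand.
find_setid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            # read returns non-zero on a file with no trailing newline,
            # but still fills the variable, hence the "|| true".
            IFS= read -r first < "$f" || true
            printf '%s\t%s\n' "$f" "$first"
        fi
    done
}
```

Run it as root, for example `find_setid_scripts /usr/local`, so that files the calling user cannot read are not silently skipped.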