Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!steinmetz!dawn!stpeters
From: stpeters@dawn.steinmetz
Newsgroups: comp.unix.wizards
Subject: Re: device file non-protection - and suid scripts
Message-ID: <7540@steinmetz.steinmetz.UUCP>
Date: Tue, 6-Oct-87 16:00:28 EDT
Article-I.D.: steinmet.7540
Posted: Tue Oct  6 16:00:28 1987
Date-Received: Fri, 9-Oct-87 22:14:28 EDT
References: <9615@brl-adm.ARPA> <7525@steinmetz.steinmetz.UUCP> <30069@sun.uucp>
Sender: root@steinmetz.steinmetz.UUCP
Reply-To: dawn!stpeters@steinmetz.UUCP (Dick St.Peters)
Organization: General Electric CRD, Schenectady, NY
Lines: 13

>> SunOS 3.2 closed this particular hole for csh (but not sh) suid
>> scripts, but I still wouldn't put one on my system.
>
>If it's the security hole I think you're referring to, it's closed for "sh"
>scripts as well.  Note the "#!" lines in shell scripts in 4.3BSD.

Maybe we're talking different holes.  It's not closed for "sh" on my
SunOS 3.2 system.  I don't have 4.3BSD available, but I'll try it on a
local 3.4 Sun.
Dick St.Peters                        
GE Corporate R&D, Schenectady, NY
stpeters@ge-crd.arpa              
uunet!steinmetz!stpeters