Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!rutgers!sunybcs!boulder!hao!oddjob!gargoyle!ihnp4!occrsh!occrsh.ATT.COM!tiger.UUCP!rjd
From: rjd@tiger.UUCP
Newsgroups: comp.sys.att
Subject: Re: a few questions on the 3B1
Message-ID: <144800006@tiger.UUCP>
Date: Wed, 21-Oct-87 14:04:00 EST
Article-I.D.: tiger.144800006
Posted: Wed Oct 21 14:04:00 1987
Date-Received: Sun, 25-Oct-87 07:15:42 EST
References: <1913@gryphon.CTS.COM>
Lines: 30
Nf-ID: #R:gryphon.CTS.COM:-191300:tiger.UUCP:144800006:000:1259
Nf-From: tiger.UUCP!rjd    Oct 21 13:04:00 1987

> [Shell script]
> > if [ \( -f /etc/TZ \) -a \( -r /etc/TZ \) ]
> > then
> > TZ=`cat /etc/TZ`
> > export TZ
> > fi
> > exec /usr/lib/uucp/uucico $*
>
> Using a shell script for a login is a *bad thing*. I was shown how this is
> a security hole by lyndon@ncc. I wrote the following short driver to uucico
> to solve the problem. Rename the present uucico as 'uucico.exec' and name
> the compiled version of this program 'uucico'.

I have heard this blanket statement about shell scripts being a security
hole before, possibly from you, and fail to see how this one (above) can be
such. I fancy myself very literate in Unix security and agree that, in
general, shell scripts from inittab or suid-root scripts *might* have a hole
(usually in the form of a command that has a shell escape) but I do not see
the problem with the "if" statement, "cat" command, variable assignment,
export statement, or exec function.

As long as the shell script is only readable and writeable for the person to
whom it was intended to serve and located in a "safe" directory, I see no
problem.

I do agree that the C-code is more elegant, but I would greatly appreciate a
posting or e-mail showing the holes as you see them.

Thanks,
Randy Davis
(ihnp4!)3b2fst!randy