Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!husc6!hao!ames!ucbcad!ucbvax!decvax!decwrl!pyramid!uccba!hal!ncoast!allbery
From: allbery@ncoast.UUCP
Newsgroups: comp.sys.att
Subject: Re: a few questions on the 3B1
Message-ID: <4953@ncoast.UUCP>
Date: Tue, 27-Oct-87 23:14:54 EST
Article-I.D.: ncoast.4953
Posted: Tue Oct 27 23:14:54 1987
Date-Received: Sat, 31-Oct-87 17:59:59 EST
References: <1913@gryphon.CTS.COM> <144800006@tiger.UUCP>
Reply-To: allbery@ncoast.UUCP (Brandon Allbery)
Followup-To: comp.sys.att
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 29

As quoted from <144800006@tiger.UUCP> by rjd@tiger.UUCP:
+---------------
| > [Shell script]
| > Using a shell script for a login is a *bad thing*.  I was shown how this is
| > a security hole by lyndon@ncc.  I wrote the following short driver to uucico
| > to solve the problem.  Rename the present uucico as 'uucico.exec' and name
| > the compiled version of this program 'uucico'.
|
| I have heard this blanket statement about shell scripts being a security
| hole before, possibly from you, and fail to see how this one (above) can
| be such.  I fancy myself very literate in Unix security and agree that,
+---------------

This has been reproduced on ncoast.  All you have to do is hit DEL at the
right time in a login shell script and you get an interactive shell.  (Of
course, this hole is rather hard to exploit on a reasonably fast system,
since the window can be closed immediately by putting a trap command as the
first line of the script.)  Fix: use a C program instead.

Using a shell script as the login shell has another misfeature, although it's
not likely to affect a UUCP login: "su" on the majority of systems I've used
will NOT execute a shell script.  (It looks like "login" uses execlp(), but
"su" uses execl().)

In summary: don't use shell scripts as login shells.
--
Brandon S. Allbery                    necntc!ncoast!allbery@harvard.harvard.edu
 {harvard!necntc,well!hoptoad,sun!mandrill!hal,uunet!hnsurg3}!ncoast!allbery
"Uncle _who_?" -- Lt. Worf                                    ^^^^^^^^^^^^^ NOTE NEW PATH!
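The interrupt window the post describes, and the "trap as the first line" mitigation it mentions, can be checked directly. The following harness is an added example, not code from the post or from any of its participants: it runs two small /bin/sh scripts constructed here (one with no trap, one with `trap '' INT` as its first line), sends each one SIGINT (the signal DEL generated on the terminals of that era) while it is still running, and reports whether the script survived to its normal exit. It assumes a Unix-like system with a POSIX /bin/sh; the script texts, file names and the `survives_sigint`/`compare` helpers are all constructed for this illustration.

```python
"""Show the SIGINT window in a shell-script login shell and the trap fix.

Added example, not from the original post.  Runs two constructed /bin/sh
scripts as children, sends each SIGINT mid-run, and reports survival.
Assumes a POSIX /bin/sh on a Unix-like OS.
"""
import os
import signal
import subprocess
import tempfile
import time

# Constructed stand-in for a login script with no trap: it "works" (a busy
# loop of shell builtins that runs until a stop file appears) and then exits
# cleanly.  A SIGINT delivered during the loop kills the shell instead; in
# the situation the post describes that leaves the caller at an interactive
# shell rather than inside the program the script was meant to hand off to.
UNTRAPPED_SCRIPT = """\
while [ ! -e "$1" ]; do :; done
exit 0
"""

# The mitigation the post names: a trap command as the very first line.
# An empty action ('') makes the shell ignore SIGINT, and an ignored signal
# stays ignored in every command the script goes on to run.
TRAPPED_SCRIPT = """\
trap '' INT
while [ ! -e "$1" ]; do :; done
exit 0
"""


def _reset_sigint():
    # Start the child with SIGINT at its default disposition even if this
    # harness itself was launched with SIGINT ignored (e.g. as a background
    # job without job control), so the outcome reflects only the script's trap.
    signal.signal(signal.SIGINT, signal.SIG_DFL)


def survives_sigint(script_text, settle=0.3, timeout=10):
    """Run script_text under /bin/sh, send it SIGINT while it is looping, and
    return True if it still reached its normal 'exit 0', False if the signal
    terminated it (or it failed to finish within the timeout)."""
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "login.sh")   # constructed file name
        stop_file = os.path.join(tmp, "stop")    # constructed file name
        with open(script, "w") as f:
            f.write(script_text)
        child = subprocess.Popen(["/bin/sh", script, stop_file],
                                 preexec_fn=_reset_sigint)
        try:
            time.sleep(settle)                 # let the script reach its loop
            child.send_signal(signal.SIGINT)   # the "DEL at the right time"
            open(stop_file, "w").close()       # let a surviving script finish
            rc = child.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            child.kill()
            child.wait()
            return False
        return rc == 0


def compare():
    """Return (untrapped_survived, trapped_survived).  Expected: (False, True)."""
    return survives_sigint(UNTRAPPED_SCRIPT), survives_sigint(TRAPPED_SCRIPT)


if __name__ == "__main__":
    untrapped, trapped = compare()
    print("no trap   :", "survived" if untrapped else "killed by SIGINT")
    print("trap first:", "survived" if trapped else "killed by SIGINT")
```

The loop deliberately uses only shell builtins so the signal lands on the shell itself rather than on an external child, which is where the interruptible window in a script-as-login-shell lies. The trap narrows that window to the instant before the first line executes, which is exactly why the post still recommends a compiled driver rather than a script: a C program that simply execs the real uucico has no such window at all.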