Path: utzoo!utgpu!water!watmath!clyde!att-cb!att-ih!pacbell!ames!mailrus!umix!uunet!mcvax!unido!pcsbst!jh
From: jh@pcsbst.UUCP (Johannes Heuft)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole
Message-ID: <120@pcsbst.UUCP>
Date: 8 Mar 88 10:43:47 GMT
References: <181@wsccs.UUCP> <2613@imag.UUCP> <995@luth.luth.se>
Reply-To: jh@pcsbst.UUCP (Johannes Heuft)
Organization: PCS GmbH, Pfaelzer-Wald-Str. 36, 8000 Muenchen; West-Germany
Lines: 10
Posted: Tue Mar 8 11:43:47 1988

In general: using system(3) or popen(3) inside a set-uid-on-exec program is a severe security violation. Please believe guys who know about it. If I told why, everybody could crack an SVR2 within a four-line shell script! AT&T did a lot for fixing this security hole in SVR3.*

For the same reason set-uid shell scripts should be outlawed (in BSD4.*).

Note that getcwd(3) still calls popen("/bin/pwd" ...). Use getpwd() if this routine is available.
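
Added example, not part of the original post or of any vendor's library: system(3) and popen(3) hand the command to /bin/sh, so a set-uid program that needs a helper's output can instead call the program directly by absolute path with a fixed environment and the privileges dropped in the child. The name `run_capture`, the environment values and the `/bin/echo` sample call are assumptions made for illustration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical helper: run an absolute-path program without a shell and
 * capture its stdout. Returns bytes captured, or -1 on any failure
 * (including output that does not fit in buf). */
ssize_t run_capture(const char *path, char *const argv[], char *buf, size_t len)
{
    /* Fixed environment: nothing set by the invoking user reaches the child. */
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };
    int fd[2], status;
    ssize_t n, total = 0;
    pid_t pid;

    if (path[0] != '/' || len == 0 || pipe(fd) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fd[0]); close(fd[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        /* Drop set-gid first, then set-uid; give up if either call fails. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        if (dup2(fd[1], STDOUT_FILENO) < 0)
            _exit(126);
        close(fd[0]); close(fd[1]);
        execve(path, argv, clean_env);    /* no /bin/sh, no PATH search */
        _exit(127);
    }
    close(fd[1]);
    while ((size_t)total < len - 1 && (n = read(fd[0], buf + total, len - 1 - total)) > 0)
        total += n;
    buf[total] = '\0';
    close(fd[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return total;
}

int main(void)
{
    char out[256];
    char *const argv[] = { "echo", "hello", NULL };   /* constructed sample call */
    if (run_capture("/bin/echo", argv, out, sizeof out) < 0)
        return 1;
    return fputs(out, stdout) == EOF;
}
```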