Path: utzoo!attcan!uunet!husc6!uwvax!dogie!uwmcsd1!ig!agate!ucbvax!OKEEFFE.BERKELEY.EDU!bostic
From: bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic)
Newsgroups: comp.bugs.4bsd.ucb-fixes
Subject: V1.59 (setuid/setgid shell scripts are a security risk)
Message-ID: <8805240301.AA05540@okeeffe.Berkeley.EDU>
Date: 24 May 88 03:01:09 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: University of California at Berkeley
Lines: 25
Approved: ucb-fixes@okeeffe.berkeley.edu

Subject: setuid/setgid shell scripts are a security risk
Index: sys/kern_exec.c 4.3BSD

Description:
	Setuid/setgid shell scripts have inherent problems that
	may be used to violate security.  These problems cannot
	be fixed without completely revising the semantics of
	executable shell scripts.
Fix:
	Panel your office in asbestos, and apply the following patch
	to sys/kern_exec.c.

*** kern_exec.c.orig	Sun May 22 14:07:19 1988
--- kern_exec.c.new	Sun May 22 14:07:55 1988
***************
*** 180,185 ****
--- 180,187 ----
  		bcopy((caddr_t)ndp->ni_dent.d_name, (caddr_t)cfname,
  		    MAXCOMLEN);
  		cfname[MAXCOMLEN] = '\0';
+ 		uid = u.u_uid;
+ 		gid = u.u_gid;
  		goto again;
  	}