Path: utzoo!utgpu!water!watmath!gamiddleton
From: gamiddleton@watmath.waterloo.edu (Guy Middleton)
Newsgroups: comp.unix.wizards
Subject: setuid shell scripts
Message-ID: <19045@watmath.waterloo.edu>
Date: 25 May 88 16:37:51 GMT
Reply-To: gamiddleton@watmath.waterloo.edu (Guy Middleton)
Organization: University of Waterloo [MFCF/ICR]
Lines: 24

The following recently showed up in comp.bugs.4bsd.ucb-fixes:

	From: bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic)
	Subject: setuid/setgid shell scripts are a security risk
	Index: sys/kern_exec.c 4.3BSD

	Description:
		Setuid/setgid shell scripts have inherent problems that
		may be used to violate security.  These problems cannot
		be fixed without completely revising the semantics of
		executable shell scripts.
	Fix:
		Panel your office in asbestos, and apply the following patch
		to sys/kern_exec.c.

	[ followed by a patch to disable setuid shell scripts ]

This seems unnecessarily drastic action.  We know what the problems with
setuid shell scripts are; there is a simple kernel change to fix them (or
at least, it fixes the problems we are aware of).  Why not fix the problem,
instead of removing a useful feature from the system?

 -Guy Middleton, University of Waterloo Institute for Computer Research
 gamiddleton@math.waterloo.edu, watmath!gamiddleton	"nobody uses it, anyway"