Path: utzoo!utgpu!attcan!uunet!mcvax!hp4nl!botter!ark.cs.vu.nl!maart
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.unix.wizards
Subject: Re: show me
Message-ID: <1340@ark.cs.vu.nl>
Date: 29 Jul 88 18:00:09 GMT
References: <43200021@uicsrd.csrd.uiuc.edu>
Reply-To: maart@cs.vu.nl (Maarten Litmaath)
Organization: VU Informatica, Amsterdam
Lines: 25

In article <43200021@uicsrd.csrd.uiuc.edu> kai@uicsrd.csrd.uiuc.edu writes:
\
\I've seen talk about how unsafe setuid shell scripts are, but haven't ever
\seen any examples that prove this.  Would someone please explain to me know
\why, as a system administrator, I shouldn't ever use setuid/setgid shell
\scripts?

It has been pointed out before: using any setuid root shell script one can
become root in 10 seconds...

\Are these problems specific to particular versions of UNIX,

Versions with the #! magic number, that's versions which have got setuid
shell scripts at all.

\or particular
\shell types (sh, csh, ksh, perl) or version of those shells?

sh and csh work, ksh (being a superset of sh) too I guess, I don't know about
perl.
Email for more info.
Regards.
-- 
If you enjoyed the recent heat wave,  |Maarten Litmaath @ Free U Amsterdam:
you'll certainly like the ozone gap...|maart@cs.vu.nl, mcvax!botter!maart