Xref: utzoo comp.bugs.4bsd:897 comp.bugs.misc:179 comp.bugs.sys5:516
Path: utzoo!utgpu!attcan!uunet!husc6!rutgers!bellcore!tness7!ninja!killer!egs
From: egs@killer.DALLAS.TX.US (Eric Schnoebelen)
Newsgroups: comp.bugs.4bsd,comp.bugs.misc,comp.bugs.sys5
Subject: Re: Hard Links between UNIX Utility Programs
Summary: Don't use SetUID shell scripts
Message-ID: <5080@killer.DALLAS.TX.US>
Date: 4 Aug 88 15:25:05 GMT
References: <184@chip.UUCP> <185@chip.UUCP> <218@tarkus.UUCP> <153@ispi.UUCP>
Reply-To: egs@killer.DALLAS.TX.US (Eric Schnoebelen)
Organization: John W. Bridges & Associates, Inc.
Lines: 34

In article <153@ispi.UUCP> jbayer@ispi.UUCP (id for use with uunet/usenet) 
writes:
>
>Another workable solution is to do the following steps:
>
>	1.	Move the programs you want to restrict to a directory
>			readable only by the super user.
>	2.	Create a shell script for each type of call for each program
>	3.	Make the shell script executable by everyone.
>	4.	Make the owner of the shell script the super user
>	5.	Set the user bit for the shell script (chmod u+s name)

 	Over in comp.unix.wizards they are having a nice little
discussion about setuid shell scripts, and several people have shown how
they are a larger security hole than the programs being discussed here.

	( see comp.unix.wizards for examples )

	A better choice for this solution might be to write small 'wrapper'
programs, and set the suid bit on them.

>Now no matter how someone calls the shell script the program will still
>be called using the correct name.
>
>Jonathan Bayer
>Intelligent Software Products, inc.
>19 Virginia Ave.
>Rockville Centre, NY   11570
>uunet!ispi!jbayer

	Eric Schnoebelen
	John W. Bridges & Associates, Inc.
	Lewisville, Tx.   75067
	u-word!egs@killer.dallas.tx.us