Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!apple!bionet!agate!ucbvax!bostic
From: bostic@ucbvax.BERKELEY.EDU (Keith Bostic)
Newsgroups: comp.unix.wizards
Subject: Re: System V Release 4 ...
Message-ID: <26396@ucbvax.BERKELEY.EDU>
Date: 12 Oct 88 16:00:05 GMT
References: <467@gould.doc.ic.ac.uk>
Organization: University of California at Berkeley
Lines: 43

In article <467@gould.doc.ic.ac.uk>, brwk@doc.ic.ac.uk (Bevis King) writes:

> He believes that AT&T (or is it Sun - no can't be Sun, he worships the
> ground they walk on) have removed all setuid/setgid abilities from all
> shell scripts EVER. (PERIOD, FULL STOP, etc).

The current Berkeley distribution (4.3BSD-tahoe) does not allow setuid/gid
shell scripts.  The Volume 1, #59 posting to the comp.bugs.4bsd.ucb-fixes
newsgroup (attached) was a change to the kernel to disable them.  This is
because there was a security problem associated with shell scripts that we
thought could only be fixed by changing the semantics of shell scripts.
We have since found another method of fixing them, which will require
fairly major modifications to the system, so will probably not be posted as
a bug fix.  Setuid/gid scripts should be available in the next BSD release.

Keith Bostic

++++++++++++++++++++
Subject: setuid/setgid shell scripts are a security risk
Index: sys/kern_exec.c 4.3BSD

Description:
	Setuid/setgid shell scripts have inherent problems that
	may be used to violate security.  These problems cannot
	be fixed without completely revising the semantics of
	executable shell scripts.
Fix:
	Panel your office in asbestos, and apply the following patch
	to sys/kern_exec.c.

*** kern_exec.c.orig	Sun May 22 14:07:19 1988
--- kern_exec.c.new	Sun May 22 14:07:55 1988
***************
*** 180,185 ****
--- 180,187 ----
  		bcopy((caddr_t)ndp->ni_dent.d_name, (caddr_t)cfname,
  		    MAXCOMLEN);
  		cfname[MAXCOMLEN] = '\0';
+ 		uid = u.u_uid;
+ 		gid = u.u_gid;
  		goto again;
  	}