Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uflorida!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: System V Release 4 ...
Message-ID: <13958@mimsy.UUCP>
Date: 12 Oct 88 14:55:33 GMT
References: <467@gould.doc.ic.ac.uk>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 25

>in article <10421@tekecs.TEK.COM> andrew@tekecs.TEK.COM says:
>>The [SVR4] kernel will be able to exec shell scripts which begin
>>with "#!". The setuid/setgid bits for such files will be ignored.

In article <467@gould.doc.ic.ac.uk> brwk@doc.ic.ac.uk (Bevis King) writes:
>I interpreted the above to mean "setuid/setgid" shells can only be run
>by the default shell, and any attempt to change from that results in the
>setuid/setgid being ignored. [Someone else] believes that AT&T (or is
>it Sun - no can't be Sun, he worships the ground they walk on) have
>removed all setuid/setgid abilities from all shell scripts EVER. ...

You are both wrong :-) It was Berkeley; AT&T and Sun will do it (did it
in SunOS4.0?) for the same reason. The set-ID bits on shell scripts are
always ignored. A set-ID binary can, of course, run a shell script,
although the disable in 4.3BSD-tahoe makes this ugly: you have to
setre[gu]id first.

There is a large and nasty (but very friendly-looking) bug hiding
behind set-ID shell scripts. The bug is embedded in the file system
semantics. (Actually, I do know how to fix it, even under NFS, though
it is not pretty, and I have never really liked set-ID scripts anyway.)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris
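
An added example, not part of the post above and not code from its author: where the kernel ignores set-ID bits on "#!" scripts, any script still carrying those bits is worth reviewing, and this Python audit lists them. The function name `find_setid_scripts` and the 256-byte read limit are assumptions of this example.

```python
import os
import stat
import sys

def find_setid_scripts(root):
    """Return sorted (path, bits, interpreter) tuples for regular files under
    root that carry a setuid/setgid bit and whose contents begin with "#!"."""
    hits = []
    # O_NOFOLLOW: never audit through a symlink. O_NONBLOCK: do not hang on FIFOs.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                fd = os.open(path, flags)
            except OSError:
                continue  # symlink, unreadable, or removed while scanning
            try:
                # fstat the open descriptor so the mode check and the read
                # below refer to the same file, not merely the same name.
                st = os.fstat(fd)
                if not stat.S_ISREG(st.st_mode):
                    continue
                bits = [label for label, bit in (("setuid", stat.S_ISUID),
                                                 ("setgid", stat.S_ISGID))
                        if st.st_mode & bit]
                if not bits:
                    continue
                head = os.read(fd, 256)  # assumed limit for the "#!" line
            finally:
                os.close(fd)
            if head.startswith(b"#!"):
                interp = head[2:].split(b"\n", 1)[0].strip()
                hits.append((path, "+".join(bits),
                             interp.decode("utf-8", "replace")))
    return sorted(hits)

if __name__ == "__main__":
    # Usage: python audit_setid.py /usr/local/bin   (path chosen by the operator)
    for path, bits, interp in find_setid_scripts(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{bits:14} {path}  ->  {interp}")
```

Files the scanning user cannot read are skipped, so a complete audit needs to run with enough privilege to open every candidate.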