Path: utzoo!attcan!uunet!mcvax!ukc!eagle.ukc.ac.uk!icdoc!doc.ic.ac.uk!brwk
From: brwk@doc.ic.ac.uk (Bevis King)
Newsgroups: comp.unix.wizards
Subject: Re: System V Release 4 ...
Message-ID: <467@gould.doc.ic.ac.uk>
Date: 10 Oct 88 19:41:04 GMT
Sender: brwk@doc.ic.ac.uk
Reply-To: brwk@doc.ic.ac.uk (Bevis King)
Organization: Dept. of Computing, Imperial College, London, UK.
Lines: 44

In article <10421@tekecs.TEK.COM> andrew@tekecs.TEK.COM says:
>SHELLS
> ...
>The kernel will be able to exec shell scripts which begin with "#!".
>The setuid/setgid bits for such files will be ignored.

These comments nearly started a riot. Being of a "System V's ok if you
add quite a lot of Berkeley bits to it" persuasion, I had a flaming row
with a Sun-freak "Berkeley is best, system V is so broken it's worse
than MS-DOS".

I interpreted the above to mean "setuid/setgid" shells can only be run
by the default shell, and any attempt to change from that results in
the setuid/setgid being ignored.

Consider this example: a root shell script is written by a systems
programmer who thinks tcsh is the best thing since sliced bread (NO
FLAMES PLEASE - I HAVE NOT EXPRESSED AN OPINION EITHER WAY). It needs
to be setuid/setgid for some reason. On most systems tcsh is in
/usr/local/bin, which in many systems is publicly writable to encourage
people to put their ports of PDSoft up. Someone can easily place a
trojan horse in place of /usr/local/bin/tcsh and get root permission.
/bin should never be publicly writable, after all that's what
/usr/local/bin is all about.

He believes that AT&T (or is it Sun - no can't be Sun, he worships the
ground they walk on) have removed all setuid/setgid abilities from all
shell scripts EVER. (PERIOD, FULL STOP, etc).

Which of us is right? Am I being too kind to AT&T, and this is really
broke? Or, is he just overacting because the words System V were
mentioned? Tell us please, or the wars will continue...

Thanks, Bevis

Disclaimer: These are my views, many disagree with them, often loudly :-)

Bevis King, Systems Programmer        | Email: brwk@doc.ic.ac.uk
Dept of Computing, Imperial College   | UUCP : ..!mcvax!ukc!icdoc!brwk
180 Queens Gate, London, SW7 2BZ, UK. | Voice: +44 1 589 5111 x 5085
"Never argue with a computer" ... Avon (Blake's 7)
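
Added example, not part of the original post: a Python audit for the situation the post describes, a setuid/setgid "#!" script whose interpreter sits in a directory other users can write to. The function names are this example's own, and treating any group- or other-writable path component as replaceable is an assumption of the example.

```python
import os
import stat

def shebang_interpreter(path):
    """Return the interpreter named on a '#!' first line, or None."""
    with open(path, "rb") as f:
        first = f.readline(256)
    if not first.startswith(b"#!"):
        return None
    fields = first[2:].split()
    return os.fsdecode(fields[0]) if fields else None

def replaceable_components(path):
    """List the path and each parent directory that group or other can write.

    Sticky directories are skipped: only an entry's owner may rename or
    remove it there, so an existing interpreter cannot be swapped out.
    Symlinks are resolved first; the link's own directory is not checked.
    """
    weak = []
    current = os.path.realpath(path)
    while True:
        try:
            mode = os.stat(current).st_mode
        except FileNotFoundError:
            mode = 0  # missing interpreter: keep walking up to its directory
        loose = mode & (stat.S_IWGRP | stat.S_IWOTH)
        sticky_dir = stat.S_ISDIR(mode) and mode & stat.S_ISVTX
        if loose and not sticky_dir:
            weak.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            return weak
        current = parent

def audit(script):
    """Return (interpreter, weak_paths) for a setuid/setgid '#!' script,
    or None when the file is not one."""
    mode = os.stat(script).st_mode
    if not mode & (stat.S_ISUID | stat.S_ISGID):
        return None
    interp = shebang_interpreter(script)
    if interp is None:
        return None
    return interp, replaceable_components(interp)
```

A non-empty second element means the interpreter, or a directory on the way to it, can be modified by someone other than its owner.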