Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: Secure setuid shell scripts
Message-ID: <14069@mimsy.UUCP>
Date: 20 Oct 88 00:13:29 GMT
References: <14066@iuvax.cs.indiana.edu> <4409@bsu-cs.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 16

In article <4409@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) asks:
>If a 4.3BSD system has not been patched to disallow set-user-id shell
>scripts, but root uses no set-user-id scripts, does a security hole
>still exist that will allow an unprivileged user to obtain root
>privileges?

If I can modify that to `... but there are no set-user-id scripts that
set the user ID to root', the answer is no (discounting other avenues,
e.g., the `::0:0:::' entries sometimes found in /etc/passwd).  If the
system has not been patched, and there is a set-ID script somewhere,
that script can be used as the basis for gaining the privileges granted
by that ID (user or group) in a way that the author of the script most
likely did not intend.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@mimsy.umd.edu	Path:	uunet!mimsy!chris