Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!cornell!batcomputer!itsgw!steinmetz!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: System V Release 4 ...
Message-ID: <27@auspex.UUCP>
Date: 19 Oct 88 17:17:41 GMT
References: <467@gould.doc.ic.ac.uk> <13958@mimsy.UUCP> <109@minya.UUCP>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 11

>It's not even obvious that such a claim is credible.

Such a claim is credible.  On most UNIX systems supporting "#!"
executables, if that system supports set-UID "#!" scripts, there exists
a program that can, given the existence of a set-UID shell script that
can be executed by user X, permit user X to run any other shell script
set-UID to that user - *regardless* of what the underlying set-UID shell
script does, or what shell it uses! The problem isn't with the language
in which the script is written, it's with the "#!" mechanism itself.

I've seen the program do precisely that.