Newsgroups: comp.unix.wizards
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: setuid shell scripts
Message-ID: <1988Oct21.173334.16950@utzoo.uucp>
Organization: U of Toronto Zoology
References: <467@gould.doc.ic.ac.uk> <13958@mimsy.UUCP> <109@minya.UUCP> <27@auspex.UUCP>
Date: Fri, 21 Oct 88 17:33:34 GMT

There are actually two problems here.  One is with the #! machinery,
and is the one that Guy is referring to.  That can probably be fixed if
one is sufficiently clever, and/or if one accepts a speed penalty.

The other is the general problem with setuid shell scripts:  the semantics
of the shell are quite complex and there is little control over low-level
details, which makes it relatively difficult to write cracker-proof shell
scripts.  This problem is solvable in principle, but it's one of those
cases where there have been so many problems found that nobody is at all
confident that there aren't any more.
-- 
The meek can have the Earth;    |    Henry Spencer at U of Toronto Zoology
the rest of us have other plans.|uunet!attcan!utzoo!henry henry@zoo.toronto.edu