Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!wasatch!utah-gr!uplherc!sp7040!sbc
From: sbc@sp7040.UUCP (Stephen Carroll)
Newsgroups: comp.unix.wizards
Subject: Re: Secure setuid shell scripts
Summary: what system are we talking about?
Message-ID: <546@sp7040.UUCP>
Date: 21 Oct 88 15:57:34 GMT
References: <14066@iuvax.cs.indiana.edu> <4409@bsu-cs.UUCP> <14069@mimsy.UUCP>
Organization: Unisys, Salt Lake City, UT
Lines: 21

In article <14069@mimsy.UUCP>, chris@mimsy.UUCP (Chris Torek) writes:
] In article <4409@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) asks:
] >If a 4.3BSD system has not been patched to disallow set-user-id shell
] >scripts, but root uses no set-user-id scripts, does a security hole
] >still exist that will allow an unprivileged user to obtain root
] >privileges?
] 
] If I can modify that to `... but there are no set-user-id scripts that
] set the user ID to root', the answer is no (discounting other avenues,
] e.g., the `::0:0:::' entries sometimes found in /etc/passwd).  If the
] system has not been patched, and there is a set-ID script somewhere,
] that script can be used as the basis for gaining the privileges granted
] by that ID (user or group) in a way that the author of the script most
] likely did not intend.
] -- 

just one question.  Is this problem a security hole for only BSD systems,
or does it exist on other SVID type systems or others?

Stephen B. Carroll
UUCP:   ...!{ hpda | sun }!sp7040!sbc