Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!husc6!think!ames!ncar!tank!mimsy!chris From: chris@mimsy.UUCP (Chris Torek) Newsgroups: comp.unix.wizards Subject: Re: Secure setuid shell scripts Message-ID: <14139@mimsy.UUCP> Date: 24 Oct 88 20:23:12 GMT Article-I.D.: mimsy.14139 References: <14066@iuvax.cs.indiana.edu> <4409@bsu-cs.UUCP> <14069@mimsy.UUCP> <546@sp7040.UUCP> Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742 Lines: 39 >>In article <4409@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) asked: >>>If a 4.3BSD system has not been patched .... >In article <14069@mimsy.UUCP> I answered: >>If the system has not been patched, and there is a set-ID script somewhere, >>that script can be used as the basis for gaining the privileges granted >>by that ID (user or group) in a way that the author of the script most >>likely did not intend. In article <546@sp7040.UUCP> sbc@sp7040.UUCP (Stephen Carroll) asks: >just one question. Is this problem a security hole for only BSD systems, >or does it exist on other SVID type systems or others? Since System Vs% do not have directly-executable scripts, System Vs do not have the problem, because System Vs cannot possibly have any set-ID scripts. (Actually, there is a way to have set-ID scripts without having the kernel do it: you make the interpreter itself set-ID, and have it check the ID on the script. I believe ksh can do this. sh cannot, certainly not without modification.) ----- % Not System V, System Vs: there are many different System Vs, all incompatible to some extent. *Which one* shall we consider standard? ----- - If the kernel does not have directly-executable scripts, the system does not have the bug. - If the kernel has the #! mechanism copied directly from 4BSD, the system does have the bug. - If the kernel has a modified #! mechanism, it might not have the bug. - If you have on your machine no scripts that are themselves set-ID (user or group), you need not worry about the bug, whether it exists or not on your system. -- In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163) Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris