Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!apple!bionet!uwmcsd1!marque!uunet!mcvax!hp4nl!botter!star.cs.vu.nl!maart
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.unix.wizards
Subject: Re: Secure setuid shell scripts
Keywords: race, race, race
Message-ID: <1575@star.cs.vu.nl>
Date: 26 Oct 88 09:25:54 GMT
References: <14066@iuvax.cs.indiana.edu> <4409@bsu-cs.UUCP> <14069@mimsy.UUCP> <546@sp7040.UUCP> <303@auspex.UUCP>
Reply-To: maart@cs.vu.nl (Maarten Litmaath)
Organization: VU Informatica, Amsterdam
Lines: 18

In article <303@auspex.UUCP> guy@auspex.UUCP (Guy Harris) writes:
\>just one question.  Is this problem a security hole for only BSD systems,
\>or does it exist on other SVID type systems or others?
\
\The one I know of would be a problem on non-BSD systems if they have the
\following features:
\
\	1) "#!" - the ability for the kernel to recognize that an
\	   executable file is really a shell (or other) script, and to run
\	   the appropriate shell on it
\
\	2) symbolic links (not necessary in all cases, but necessary to
\	   make it work under arbitrary circumstances)

I don't need 2 at all! Just a bit patience will do...
-- 
Hippic sport:                         |Maarten Litmaath @ VU Amsterdam:
             a contradiction in terms.|maart@cs.vu.nl, mcvax!botter!maart