Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Secure setuid shell scripts
Message-ID: <303@auspex.UUCP>
Date: 25 Oct 88 17:34:10 GMT
Article-I.D.: auspex.303
References: <14066@iuvax.cs.indiana.edu> <4409@bsu-cs.UUCP> <14069@mimsy.UUCP> <546@sp7040.UUCP>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 21

>just one question.  Is this problem a security hole for only BSD systems,
>or does it exist on other SVID type systems or others?

The one I know of would be a problem on non-BSD systems if they have the
following features:

	1) "#!" - the ability for the kernel to recognize that an
	   executable file is really a shell (or other) script, and to run
	   the appropriate shell on it

	2) symbolic links (not necessary in all cases, but necessary to
	   make it work under arbitrary circumstances)

and that handles certain aspects of process creation in a certain way.

If it's missing 1), the system doesn't *have* set-UID shell scripts in
the sense being discussed here; the trick is that if the *script* has
its set-UID or set-GID bit set, when it runs the shell in question it
will run it with set-UID or set-GID privileges.  Most non-BSD systems
don't have it, but some non-BSD systems do (although many of them
started from BSD, even though they may be S5-compatible...).