Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!husc6!bbn!rochester!pt.cs.cmu.edu!PLAY.MACH.CS.CMU.EDU!bsy
From: bsy@PLAY.MACH.CS.CMU.EDU (Bennet Yee)
Newsgroups: comp.unix.wizards
Subject: Re: Secure setuid shell scripts
Message-ID: <3388@pt.cs.cmu.edu>
Date: 25 Oct 88 01:44:25 GMT
Article-I.D.: pt.3388
References: <14066@iuvax.cs.indiana.edu> <4409@bsu-cs.UUCP> <3194@tekcrl.CRL.TEK.COM> <3969@encore.UUCP>
Sender: netnews@pt.cs.cmu.edu
Organization: Cranberry Melon
Lines: 34

In article <3969@encore.UUCP> bzs@encore.com (Barry Shein) writes:
]From: terryl@tekcrl.CRL.TEK.COM
]>In article <4409@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
]>>If a 4.3BSD system has not been patched to disallow set-user-id shell
]>>scripts, but root uses no set-user-id scripts, does a security hole
]>>still exist that will allow an unprivileged user to obtain root
]>>privileges?
]>
]>     Yes. The problem is not that root uses a set-user-id shell script,
]>but that there exists anywhere in the file system a set-user-id shell
]>script THAT I CAN EXECUTE AS A MERE MORTAL(i.e. normal user). If such
]>a set-user-id shell script does exist, then in a manner of minutes
]>(depending on how fast I can type!!! (-:) I can become the id of that
]>shell script!!!!
]
]I think Rahul is asking the same question I asked and we're both being
]misunderstood (I've also gotten some private mail indicating a
]misunderstanding.)
]
]Rephrase: If there are NO setuid scripts on the entire system does
]there exist a bug which can be exploited?
]

If there are no setuid scripts on the entire system, there is no way that
somebody could break into the system using the setuid script bug.  If you
create your own script setuid to yourself, you'd only allow other people to
gain access to your account.

-bsy
-- 
Internet:	bsy@cs.cmu.edu		Bitnet:	bsy%cs.cmu.edu%smtp@interbit
CSnet:	bsy%cs.cmu.edu@relay.cs.net	Uucp:	...!seismo!cs.cmu.edu!bsy
USPS:	Bennet Yee, CS Dept, CMU, Pittsburgh, PA 15213-3890
Voice:	(412) 268-7571