Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!seismo!sundc!pitstop!sun!amdcad!ames!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: Secure setuid shell scripts
Message-ID: <14175@mimsy.UUCP>
Date: 26 Oct 88 18:46:24 GMT
Article-I.D.: mimsy.14175
References: <14069@mimsy.UUCP> <307@lakart.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 26

In article <307@lakart.UUCP> dg@lakart.UUCP (David Goodenough) suggests:
-#! /bin/sh -
-rather than plain old:
-#! /bin/sh
-This closes up the security hole very nicely here (unless there's some
-sneaky way of getting in that I didn't know about).

Yes, there is a sneaky way that you did not know about.

-it was suggested that if no symbolic links existed, then by denying
-write permission to general users on all filesystems where suid 0 reside
-the problem could be reduced.

That would work around this particular bug.

-As an aside on the IFS problem: the following is taken from man 1 sh:
-     IFS       Internal field separators, normally space, tab,
-               and newline. IFS is ignored if sh is running as
-               root or if the effective user id differs from the
-               real user id.

IFS should *never* be imported; with any luck I may get this fixed in
4.4BSD.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris
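
A check for the IFS point in the post above, as an added example that is not part of the original article: it starts a shell with a constructed, non-default IFS in its environment and reports whether the child kept that value or reset it to space, tab, newline. The function names, the ':' test value and the list of shell paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): does a given shell import
# IFS from its environment, or reset it at startup?

DEFAULT_IFS_HEX="20090a"    # space, tab, newline as hex bytes

# to_hex: hex-encode stdin with no separators, so whitespace-only
# values such as the default IFS can be compared reliably.
to_hex() {
    od -An -tx1 | tr -d ' \n'
}

# classify_ifs HEX: print "reset" if HEX is the default IFS,
# otherwise "imported".
classify_ifs() {
    if [ "$1" = "$DEFAULT_IFS_HEX" ]; then
        echo reset
    else
        echo imported
    fi
}

# probe_shell SHELL: run SHELL with IFS=':' (constructed test value) in
# its environment and classify the IFS the child shell actually sees.
probe_shell() {
    child_hex=$(env IFS=':' "$1" -c 'printf "%s" "$IFS"' | to_hex)
    classify_ifs "$child_hex"
}

# Report on whichever of these common shell paths exist on this host.
for candidate in /bin/sh /bin/bash /bin/dash /bin/ksh; do
    if [ -x "$candidate" ]; then
        echo "$candidate: IFS $(probe_shell "$candidate")"
    fi
done
```

A shell reported as "imported" needs IFS set explicitly at the top of any script that runs with privileges the caller does not have.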