Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Secure setuid shell scripts
Message-ID: <316@auspex.UUCP>
Date: 27 Oct 88 18:01:24 GMT
References: <14069@mimsy.UUCP> <307@lakart.UUCP>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 29

>One question. What does an
>
>execl("/bin/sh", "/bin/sh", "-", "-i", 0);
>
>do.

It probably fails on machines where the bit pattern for the "int" value
0 is not the same (either in size or in bit content) as the bit pattern
for a null "char *", but that's neither here nor there.... 

>I.e. what happens when the first line is:
>
>#! /bin/sh -
>
>rather than plain old:
>
>#! /bin/sh

It makes the shell not get confused if you run the script with a name
beginning with "-".  Thus, this is a Good Thing To Do.  However....

>This closes up the security hole very nicely here (unless there's some
>sneaky way of getting in that I didn't know about).

You're thinking of a different security hole.  Adding the "-" flag
doesn't do a damn thing for the one I suspect most of us are thinking
of.  That one is caused by a more subtle problem (one which most of us
discussing it didn't know about until it was pointed out to us, I
suspect - I sure didn't).