Path: utzoo!utgpu!attcan!uunet!mcvax!hp4nl!botter!star.cs.vu.nl!maart
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.unix.wizards
Subject: Re: setuid shell scripts
Keywords: Let's give it all away, Chris!
Message-ID: <1627@solo8.cs.vu.nl>
Date: 5 Nov 88 02:10:41 GMT
References: <850@cantuar.UUCP>
Reply-To: maart@cs.vu.nl (Maarten Litmaath)
Organization: VU Informatica, Amsterdam
Lines: 33

In article <850@cantuar.UUCP> greg@cantuar.UUCP (G. Ewing) writes:
\Under how many of the following conditions does the problem
\still exist:
\
\  (A) The shell checks the owner and set{u,g}id bits of the
\      script it is about to execute to make sure it's okay.

Safe.

\  (B) The "shell" isn't a shell or interpreter at all, and
\      doesn't execute the script as a list of commands.

Safe.

\  (C) The "shell" consists of the following program:
\
\      main() {
\      }

Special case of 2.

\If any of these things prevent the problem, then I submit that
\removing the setuid-#! facility is wrong.

Questionable; every interpreter would have to take care of things, while it
should be the kernel who's getting them straight.

\Greg Ewing    Internet: greg@cantuar.uucp

Family?
--
George Bush:                  |Maarten Litmaath @ VU Amsterdam:
Capt. Slip of the Tongue      |maart@cs.vu.nl, mcvax!botter!maart