Path: utzoo!utgpu!attcan!uunet!mcvax!hp4nl!uva!dik
From: dik@uva.UUCP (Casper H.S. Dik)
Newsgroups: comp.unix.wizards
Subject: Re: setuid shell scripts
Summary: You can still use them on suns.
Keywords: sun setuid execve
Message-ID: <563@uva.UUCP>
Date: 7 Nov 88 13:11:22 GMT
References: <850@cantuar.UUCP> <1627@solo8.cs.vu.nl>
Sender: news@uva.UUCP
Reply-To: dik@uva.UUCP (Casper H.S. Dik)
Organization: Faculteit Wiskunde & Informatica, Universiteit van Amsterdam
Lines: 33


Hi there,

I might be wrong. But in SunOS 3.4 modifying your setuid-scripts:

from

#!<shell>

to 

#!<shell> <full pathname of script>
shift # throw away excess argument.

should close the gap.
This should work on all un*x systems whose kernel interprets an optional first
argument. This method guarantees the correct argument will be supplied to
the shell. It breaks, however, if the script can be removed/renamed by somebody
who isn't the owner or the superuser.

To find out wether your kernel does or doesn't allow for an extra argument
try the script:

#!/bin/echo yes

If this script echoes  'yes <scriptname>' you're in luck.
(It should echo <scriptname> in other cases, of course)
(It seems to work in 4.3BSD as well, but I couldn't find it in the docs)

____________________________________________________________________________
Casper H.S. Dik
University of Amsterdam     |		      dik@uva.uucp
The Netherlands             |                 ...!uunet!mcvax!uva!dik