Path: utzoo!utgpu!watmath!cantuar!greg
From: greg@cantuar.UUCP (G. Ewing)
Newsgroups: comp.unix.wizards
Subject: Re: setuid shell scripts
Keywords: But is it what Chris really meant?
Message-ID: <855@cantuar.UUCP>
Date: 14 Nov 88 01:23:26 GMT
References: <850@cantuar.UUCP> <1627@solo8.cs.vu.nl>
Reply-To: greg@cantuar.UUCP (G. Ewing)
Organization: University of Canterbury, Christchurch, New Zealand
Lines: 40

Sigh... confusion still abounds. I have received various replies
of the form:

Maarten Litmaath (maart@cs.vu.nl) writes:
>In article <850@cantuar.UUCP> greg@cantuar.UUCP (G. Ewing) writes:
>\ (A) The shell checks the owner and set{u,g}id bits of the
>Safe.
>\ (B) The "shell" isn't a shell or interpreter at all, and
>Safe.
>\ (C) The "shell" consists of the following program:
>Special case of 2.

On the other hand, I've also had replies such as (sorry, I don't
know the sender's name in real life):

>From:
>None of those things prevent the bug, I'm afraid, not singly, and not
>in combination.

and Chris Torek indicated in an earlier posting that there was
a problem that was *completely independent* of shell semantics.
Presumably this means that it doesn't matter if the shell isn't a shell.

Maarten Litmaath again:
>\removing the setuid-#! facility is wrong.
>Questionable; every interpreter would have to take care of things, while
>it should be the kernel who's getting them straight.

I'd be quite happy for the kernel to do it right. I was just saying
that disabling the facility altogether might be overkill. Or it might
not.

Can you shed any light, Chris?

Greg Ewing
Internet: greg@cantuar.uucp
Spearnet: greg@nz.ac.cantuar
Telecom: +64 3 667 001 x8357
UUCP: ...!{watmath,munnari,mcvax,vuwcomp}!cantuar!greg
Post: Computer Science Dept, Univ. of Canterbury, Christchurch, New Zealand
Disclaimer: The presence of this disclaimer in no way implies any disclaimer.