Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: mcvax!cs.vu.nl!maart@uunet.uu.net (Maarten Litmaath)
Newsgroups: comp.sys.sun
Subject: Re: suid doesn't work
Message-ID: <1963@kappl.cs.vu.nl>
Date: 31 Jan 89 20:05:35 GMT
References: <8901180148.AA03624@frodo.physicsa.mcgill.ca>
Sender: usenet@rice.edu
Organization: V.U. Informatica, Amsterdam, the Netherlands
Lines: 30
Approved: Sun-Spots@rice.edu
Original-Date: 24 Jan 89 23:56:08 GMT
X-Sun-Spots-Digest: Volume 7, Issue 130, message 8 of 17

phil@Rice.edu (William LeFebvre) writes:
> ...  So if the first line in a shell file is "#!/bin/sh" or
> "#!/bin/csh", then the file can actually be executed like it was a binary
> executable (it will run when invoked with a call to "exec").  Only this
> second form can be successfully set-uid.

And it's a security risk, discussed in comp.unix.wizards not too long ago.
For safe setuid scripts use David Goodenough's (dg@lakart.uucp) `secure'
program or my `setuid' program, both of which appeared in
comp.sources.misc.  These programs are to be specified as the interpreter
of the script:

	#! /bin/secure
or
	#! /bin/setuid

They in turn execute the real interpreter of the script, e.g. /bin/sh.
Using David's program there must be a database containing the names, uids
and interpreters of setuid scripts, and the scripts themselves needn't be
setuid because /bin/secure is setuid root; my program expects below the
`#!' line a line of the form:

	#? absolute-path-of-interpreter [args] absolute-path-of-file [args]

If you want to use my program, make sure you have version 1.1 or higher
(1.0 contained a race condition bug); I expect to see it in
comp.sources.misc any day from now.

	Maarten Litmaath @ VU Amsterdam:
	maart@cs.vu.nl, mcvax!botter!maart