Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!husc6!rice!sun-spots-request
From: prl@eiger.uucp
Newsgroups: comp.sys.sun
Subject: Re: suid doesn't work
Message-ID: <sq890127062424>
Date: 31 Jan 89 20:25:46 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 22
Approved: Sun-Spots@rice.edu
Original-Date: 27 Jan 89  6:24 +0100
X-Sun-Spots-Digest: Volume 7, Issue 130, message 9 of 17
X-Issue-Reference: v7n117

But DON'T actually do this [[ setuid shells ]] if you want to keep your
system in any way secure. There is a kernel bug (in all Unixes with the #!
feature, not just SunOS) which allows set-uid shell scripts to be tricked
into allowing *any* commands to be executed setuid in place of the shell
script!!

	DON'T DO IT!! See Maarten Litmaath's posting in
	comp.sources.misc v05i097 for a probably secure way
	of doing what you want.

I am surprised that wnl didn't warn about this problem.

[[ Wnl didn't warn about this problem because wnl wasn't aware of it.
Unfortunately, I don't have the time to ingest all the information (and
weed out the noise) that the net produces.  Thank you for bringing it to
everyone's attention.  --wnl ]]

-- 
Peter Lamb
uucp:  uunet!mcvax!ethz!prl	eunet: prl@ethz.uucp	Tel:   +411 256 5241
Integrated Systems Laboratory
ETH-Zentrum, 8092 Zurich