Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!amdcad!sun!pitstop!sundc!seismo!uunet!mcvax!hp4nl!botter!star.cs.vu.nl!maart
From: maart@cs.vu.nl (Maarten Litmaath)
Newsgroups: comp.unix.wizards
Subject: Re: problems with setuid (?)
Message-ID: <1992@solo9.cs.vu.nl>
Date: 31 Jan 89 16:53:16 GMT
References: <18213@adm.BRL.MIL>
Organization: V.U. Informatica, Amsterdam, the Netherlands
Lines: 19

Pabbisetty.henr@xerox.com (Nagesh Pabbisetty) writes:
\# c-shell script file to kill xnsstart and xnshelper
\kill -9 `ps -ax | fgrep xnsstart | fgrep -v fgrep | cut -c1-5`
\kill -9 `ps -ax | fgrep xnshelper | fgrep -v fgrep | cut -c1-5`

A setuid script must start with the `#!' magic number, as in

	#! /bin/csh -bf

There can be 1 argument (in this case `-bf'). However, setuid scripts that
don't invoke `/bin/secure' or `/bin/setuid' as `interpreter' are a security
leak! This topic was discussed a couple of months ago in comp.unix.wizards.
Email for more detail.
Both of the programs mentioned above recently appeared in comp.sources.misc.
If you decide to use `/bin/setuid', be sure you have version 1.1 or higher.
Version 1.0 contained a race condition bug.
-- 
 "Does she play, er, tennis?          |Maarten Litmaath @ VU Amsterdam:
             Wink wink, notch notch!" |maart@cs.vu.nl, mcvax!botter!maart