Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!husc6!rice!sun-spots-request
From: attcan!utzoo!henry@uunet.uu.net
Newsgroups: comp.sys.sun
Subject: Re: Are suid shell scripts using /bin/csh secure
Keywords: Software
Message-ID: <8903131921.AA10854@uunet.UU.NET>
Date: 31 Mar 89 02:27:26 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 19
Approved: Sun-Spots@rice.edu
Original-Date: Mon, 13 Mar 89 14:21:35 -0500
X-Sun-Spots-Digest: Volume 7, Issue 218, message 1 of 17

>I know of three common modes of attack on set-uid shell scripts, all of
>which I have failed to apply successfully to reasonably written shell
>scripts under /bin/csh...
>The question is, are there any other ways in which shell scripts can be
>broken, and which shells do they apply to?

The real question is, are you confident that there *aren't* any others?
If not, then you cannot consider setuid shell scripts using /bin/csh to be
secure.

The fundamental security problem with setuid shell scripts is simply that
the shells are complex command interpreters which depend on their
environment in complicated ways and were not built for security. There's
just no way to be sure that the last hole has been found.

(If you want another one to check out... Can csh be tricked, by invoking
it with suitable arguments, into running the equivalent of a .profile
before running the script?)

Henry Spencer at U of Toronto Zoology
uunet!attcan!utzoo!henry henry@zoo.toronto.edu
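An audit sketch for the defensive side of the argument in the post above, added here and not part of the original message: it lists set-uid or set-gid regular files whose `#!` line names a shell, so they can be reviewed or replaced. The `SHELLS` list and all function names are assumptions of this example.

```python
import os
import stat
import sys

# Interpreter basenames treated as shells (assumed list; extend for your site).
SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh", "dash"}
SETID = stat.S_ISUID | stat.S_ISGID

def shebang_interpreter(head: bytes):
    """Return the interpreter basename from a '#!' first line, else None."""
    if not head.startswith(b"#!"):
        return None
    words = head[2:].split(b"\n", 1)[0].decode("latin-1").split()
    if not words:
        return None
    name = os.path.basename(words[0])
    if name == "env":
        # '#!/usr/bin/env csh': skip env options and VAR=value assignments.
        rest = [w for w in words[1:] if not w.startswith("-") and "=" not in w]
        if rest:
            name = os.path.basename(rest[0])
    return name

def is_privileged_shell_script(mode: int, head: bytes) -> bool:
    """True for a regular file with a set-id bit whose '#!' names a shell."""
    if not stat.S_ISREG(mode) or not mode & SETID:
        return False
    return shebang_interpreter(head) in SHELLS

def scan(root: str):
    """Yield (path, interpreter) for each set-id shell script under root."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
                if not stat.S_ISREG(mode) or not mode & SETID:
                    continue
                with open(path, "rb") as f:
                    head = f.read(256)
            except OSError:
                continue  # unreadable or vanished mid-scan; skip it
            if is_privileged_shell_script(mode, head):
                yield path, shebang_interpreter(head)

if __name__ == "__main__":
    for found, interp in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{found}\t{interp}")
```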