Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: mcvax!cs.vu.nl!maart@uunet.uu.net (Maarten Litmaath)
Newsgroups: comp.sys.sun
Subject: Re: Set-uid shell scripts (Don't do it + apology)
Keywords: SunOS
Message-ID: <2394@fireball.cs.vu.nl>
Date: 5 May 89 21:46:57 GMT
References: <8904040923.AA07853@uk.ac.oxford.robots>
Sender: usenet@rice.edu
Organization: V.U. Informatica, Amsterdam, the Netherlands
Lines: 21
Approved: Sun-Spots@rice.edu
Original-Date: 25 Apr 89 13:04:09 GMT
X-Sun-Spots-Digest: Volume 7, Issue 268, message 9 of 21

will%robots.oxford.ac.uk@nss.cs.ucl.ac.uk (Will Dickson) writes:
\... there is no secure interpreter, as there is a
\problem in the kernel rather than in the interpreters themselves which can
\be exploited (< 20 lines of plain C, with standard UNIX calls) to break
\any suid script.
 ^^^
Simply not true. Use setuid(1) and you're out of trouble. The source and
manual can be acquired from the comp.sources.misc archives or by emailing
me.

\There are a few problems with my posting, one of which
\hasn't been mentioned (but hinted at by Henry Spencer in v7n218): csh
                            ^^^^^^
He could have been specific, for the essential problem has been revealed
about nine months ago in comp.unix.wizards (yes, by me). I've got a
detailed description on-line.

"If it isn't aesthetically pleasing, |Maarten Litmaath @ VU Amsterdam:
it's probably wrong." (jim@bilpin).  |maart@cs.vu.nl, mcvax!botter!maart