Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.auspex.com (Guy Harris)
Newsgroups: comp.unix.questions
Subject: Re: SUID and Shell scripts
Keywords: SUID Shell Won't Work
Message-ID: <1650@auspex.auspex.com>
Date: 18 May 89 17:57:45 GMT
References: <5073@b11.ingr.com>
Reply-To: guy@auspex.auspex.com (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 18

> The suggested use of a shell script needs some clarification,
>using the suid bit on a shell script has no effect on the effective id
>of the person executing the shell.

Well, it depends on what flavor of UNIX you have. *If* you have one that
supports "#!" in the "exec" calls, and *if* your script begins with a
"#!" line, then setting the suid bit on a shell script *does* cause the
effective ID(s) of the process running the script to be set to those of
the owner/group of the script - assuming the system you're running
doesn't disable set-UID shell scripts in "exec", as was done by Berkeley
at one point to deal with some rather nasty security holes that set-UID
shell scripts open up.

Maarten Litmath has written a program to let you run shell scripts
set-UID which he claims doesn't have any such security holes. I assume
he's right; however, you still have to be careful when writing set-UID
shell scripts, just as you have to be careful when writing *any* set-UID
program.
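
An added example, not part of the original post: a small audit helper that lists files carrying the set-UID or set-GID bit whose first two bytes are "#!", i.e. the scripts whose effective IDs would change on a system that honors the bit for "#!" scripts. The function names is_hashbang and list_setid_scripts are hypothetical, and whether the kernel actually honors the bit still depends on the system, as the post says.

```shell
#!/bin/sh
# Added example: find set-UID/set-GID files that are "#!" scripts.
# Function names are hypothetical; only POSIX find, dd, od and tr are used.

# is_hashbang FILE: succeed if FILE starts with the two bytes "#!"
# (0x23 0x21), the magic that an exec() with "#!" support looks for.
is_hashbang() {
    magic=$(dd if="$1" bs=2 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "2321" ]
}

# list_setid_scripts DIR: print every regular file under DIR (staying on
# one filesystem) that has the set-UID (4000) or set-GID (2000) bit set
# and begins with "#!". Set-ID binaries are skipped by the magic check.
list_setid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_hashbang "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# When run with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    list_setid_scripts "$1"
fi
```

Each path it prints is a script to review with the same care as any other set-UID program, or to have its set-ID bit removed.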