Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!pt.cs.cmu.edu!fed.expres.cs.cmu.edu!jgm
From: jgm@fed.expres.cs.cmu.edu (John G. Myers)
Newsgroups: comp.sys.next
Subject: Re: Question about setuid bit
Message-ID: <7846@pt.cs.cmu.edu>
Date: 5 Feb 90 18:05:49 GMT
References: <1990Feb3.015340.20467@csustan.CSUStan.Edu> <291@toaster.SFSU.EDU> <7818@pt.cs.cmu.edu> <15476@orstcs.CS.ORST.EDU>
Organization: Carnegie Mellon University
Lines: 48

In article <15476@orstcs.CS.ORST.EDU> pvo3366@sapphire.OCE.ORST.EDU (Paul O'Neill) writes:
>In article <7818@pt.cs.cmu.edu> jgm@fed.expres.cs.cmu.edu (John G. Myers) writes:
>>Berkeley has published an official fix for BSD which basically
>>disables setuid shell scripts.
>
>More info please.
>How can we apply this kernel patch to our NeXT's?

The fix is number 59 and can be gotten via anonymous ftp to
uunet.uu.net in the directory "ucb-fixes". I've included it below.

Fixing it on NeXT's would require having kernel source. It suffices
to simply have no setuid shell scripts on the system.

I'd rather not give information on how to exploit the bug.

------------------------------------------------------------
Subject: setuid/setgid shell scripts are a security risk
Index: sys/kern_exec.c 4.3BSD

Description:
	Setuid/setgid shell scripts have inherent problems that may
	be used to violate security. These problems cannot be fixed
	without completely revising the semantics of executable shell
	scripts.
Fix:
	Panel your office in asbestos, and apply the following patch
	to sys/kern_exec.c.

*** kern_exec.c.orig Sun May 22 14:07:19 1988 --- kern_exec.c.new Sun May 22 14:07:55 1988 *************** *** 180,185 **** --- 180,187 ---- bcopy((caddr_t)ndp->ni_dent.d_name, (caddr_t)cfname, MAXCOMLEN); cfname[MAXCOMLEN] = '\0'; + uid = u.u_uid; + gid = u.u_gid; goto again; }

--
_.John G. Myers	Internet: jgm@fed.expres.cs.cmu.edu
(412) 268-2984	LoseNet: ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
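
Review bot: The two added assignments before `goto again;` in the kern_exec.c hunk (`uid = u.u_uid;` and `gid = u.u_gid;`) carry no comment, and the hunk does not show where `uid` and `gid` were set earlier, so a reader cannot tell from the code that this is where a script's setuid/setgid identity is dropped. Add a short comment above them saying the ids are reset to the caller's before the `goto again`. The comment should also state that execution continues rather than failing, so a script that depended on the bits runs with the caller's ids and no error is returned.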
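
The post's mitigation is to have no setuid shell scripts on the system. As an added example (not part of the original post or of the Berkeley fix), this shell function lists regular files that have the setuid or setgid bit set and begin with `#!`; the name `find_suid_scripts` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid/setgid interpreter scripts.
# find_suid_scripts is a hypothetical helper name, not from the original post.

# Print every regular file under "$1" (default /) that has the setuid or
# setgid bit set and whose first two bytes are "#!".
find_suid_scripts() {
    root=${1:-/}
    # -xdev keeps the walk on one filesystem;
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec sh -c '
            for f do
                # Read only the first two bytes and render them with od,
                # so binaries (including NUL bytes) are compared safely.
                magic=$(dd if="$f" bs=2 count=1 2>/dev/null |
                        od -An -c | tr -d " \n")
                if [ "$magic" = "#!" ]; then
                    printf "%s\n" "$f"
                fi
            done
        ' sh {} +
}

# When run as a script with an argument, audit that directory.
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$1"
fi
```

Each path it prints is a candidate for `chmod u-s,g-s` or for replacement by a compiled wrapper; run it once per mounted filesystem, since `-xdev` does not cross mount points.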