setuid shell scripts
Arthur David Olson
ado at elsie.UUCP
Wed Dec 3 14:11:21 AEST 1986
> *Never* have setuid shell scripts on a BSD4.x system unless a)
> you don't care who breaks into your machine (some people don't) or b)
> you have installed a kernel-kludge to plug the security hole. Does
> anyone have diffs for this they can post?
For those without kernel source but with a compelling need for set-user-id
scripts, a workaround is to begin scripts this way:
    #! /bin/sh /the/name/of/the/script/itself
    shift
So, for example, a script named "/etc/adduser" would begin
    #! /bin/sh /etc/adduser
    shift
Of course, you still get to deal with PATH, IFS, and other such issues in
the script itself.
--
UNIX is a registered trademark of AT&T.
PATH is a trademark of the Port Authority Trans-Hudson.
The set-user-id bit is a patented inspiration of Dennis Ritchie.
Sh is a trademark of the American Librarians Association.
--
UUCP: ..decvax!seismo!elsie!ado ARPA: elsie!ado at seismo.ARPA
DEC, VAX, Elsie & Ado are Digital, Borden & Ampex trademarks.
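
An added example, not part of the original post: a shell audit that lists set-user-id scripts under a directory and reports whether each one's `#!` line names the script itself, as in the workaround described in the message. The function names `classify` and `audit` are hypothetical, and treating the first word after the interpreter as the script path is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit set-user-id scripts
# for the "#! /bin/sh /path/to/itself" form. Function names are hypothetical.

# classify FILE -> prints not-script, pinned, or unpinned
#   pinned   = first word after the interpreter is FILE's own absolute path
#   unpinned = a "#!" script whose first line does not name itself
# The body is a subshell so IFS and globbing changes stay local.
classify() (
    file=$1
    first=
    # Read only the first line; "|| :" tolerates a missing trailing newline.
    IFS= read -r first < "$file" || :
    case $first in
        '#!'*)
            unset IFS                  # split on default whitespace,
            set -f                     # without expanding globs
            set -- ${first#??}         # $1 = interpreter, $2 = first argument
            # Physical absolute path of the file being checked.
            abs=$(cd "$(dirname "$file")" && pwd -P)/$(basename "$file")
            if [ "${2-}" = "$abs" ]; then echo pinned; else echo unpinned; fi
            ;;
        *)
            echo not-script
            ;;
    esac
)

# audit DIR -> one "status<TAB>path" line per set-user-id script under DIR.
# Assumes file names contain no newlines.
audit() {
    # -perm -4000 selects regular files with the set-user-id bit set.
    find "$1" -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        status=$(classify "$f")
        [ "$status" = not-script ] || printf '%s\t%s\n' "$status" "$f"
    done
}

# Stand-alone use: sh audit.sh /some/directory
if [ $# -gt 0 ]; then
    audit "$1"
fi
```

A "pinned" result only confirms the first line's form; PATH, IFS and the other issues the message mentions still have to be handled inside each script.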