setuid shell scripts
Stephen J. Hartley
hartley at uvm-gen.UUCP
Tue Dec 2 00:57:29 AEST 1986
< Summary: unconditionally insecure
< Posted: Sat Nov 29 23:25:37 1986
<
< In case it is not COMPLETELY clear yet: the example can be shortened to
< #!/bin/sh
<
< i.e. no commands at all, and it still gives the opportunist an unrestricted
< setuid shell, just by running it with argv[0] starting with "-", which can
< be typed in a few seconds. This is true of both sh and csh, with or without
< -f. The only way to prevent this abuse is to not allow execute access.
<
Does this hole still exist in 4.3 BSD? I thought it had been fixed.
--
Department of Computer Science and Elec. Eng. Stephen J. Hartley
USENET: {decvax,ihnp4}!dartvax!uvm-gen!uvm-cs!hartley University of Vermont
CSNET: hartley%uvm at csnet-relay (802) 656-3330, 862-5323
More information about the Comp.unix.questions
mailing list