How secure are shell scripts? (summary)
Jim Burns
gt0178a at prism.gatech.EDU
Fri Oct 12 16:03:06 AEST 1990
in article <JIM.90Oct11150613 at baird.cs.strath.ac.uk>, jim at cs.strath.ac.uk (Jim Reid) says:
> The hack by HP is precisely that: a hack. It fixes one or two possible
> problems, but not them all. (For instance doing naughty things with
> (symbolic) links to the setuid shell script or replacing the file as
> it is being exec'ed....) The end result of that is a false illusion
> that setuid ksh scripts are secure. Misguided individuals then make
The first problem can be handled by starting w/'#!/bin/ksh -'. As for the
second, I personally don't have the patience to sit there at adjoining
terminals and try to swap files fast enough. It's like securing your car
or home - all you can do is make it harder, not impossible. If it isn't
setuid scripts that are being exploited, it will be something else.
--
BURNS,JIM
Georgia Institute of Technology, Box 30178, Atlanta Georgia, 30332
uucp: ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!gt0178a
Internet: gt0178a at prism.gatech.edu
More information about the Comp.unix.questions
mailing list