security w/ root-id login to a sh-script

John Ruckstuhl ruck at reef.cis.ufl.edu
Mon Jun 3 10:16:01 AEST 1991


In article <28895 at uflorida.cis.ufl.EDU> I write:
>I accept that an suid-to-root shell script is a Bad Thing, but I am not
>sophisticated enough to know *all* the reasons why.

>Can one avoid the security problems by using a root-id account which
>specifies a shell-script rather than an interactive shell in its passwd entry?
>I think this prevents the script from inheriting environment variables
>except TERM.

>I have seen such a thing suggested publicly in another newsgroup or
>mailing list and not be rebutted.  But then I wonder if "su restart_XYZ"
>inherits an environment and makes this method dangerous.

It's been kindly pointed out to me that yes, the possibility of an
"su restart_XYZ" does make this method as dangerous as an suid-to-root
shell script.  Thanks to Jeff Beadle (jeff at onion.rain.com) for
explaining this and a reason why such things are dangerous.

Best Regards,
ruck.
-- 
John R Ruckstuhl, Jr			ruck at alpha.ee.ufl.edu
Dept of Electrical Engineering		ruck at cis.ufl.edu, uflorida!ruck
University of Florida			ruck%sphere at cis.ufl.edu, sphere!ruck
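
The concern in the post above, that a script reached through su may run with the caller's environment, shown as an added example that is not part of the original post. The post does not say which reason was given; PATH is used here as one inherited variable known to matter, and every file name (restart_trusting, restart_hardened, userbin) is constructed. Nothing runs as root.

```shell
#!/bin/sh
# Added illustration. All file names below are constructed for the demo.
demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT

# A directory the calling user controls, holding a program named like a
# command the script uses. It only prints a marker.
mkdir "$demo_dir/userbin"
cat > "$demo_dir/userbin/date" <<'EOF'
#!/bin/sh
echo "caller-supplied date ran"
EOF

# Stand-in for restart_XYZ that trusts whatever environment it is given.
cat > "$demo_dir/restart_trusting" <<'EOF'
#!/bin/sh
date
EOF

# Same job, but the script fixes its own environment before running anything.
cat > "$demo_dir/restart_hardened" <<'EOF'
#!/bin/sh
PATH=/usr/bin:/bin; export PATH
unset ENV CDPATH
date >/dev/null && echo "system date ran"
EOF
chmod +x "$demo_dir/userbin/date" "$demo_dir/restart_trusting" "$demo_dir/restart_hardened"

# Models an invocation that hands the caller's environment to the script.
run_with_caller_env() {
    PATH="$demo_dir/userbin:$PATH" "$1"
}

# Models an invocation that starts from an empty environment.
run_with_clean_env() {
    env -i PATH=/usr/bin:/bin TERM="${TERM:-dumb}" "$1"
}

echo "trusting, caller env: $(run_with_caller_env "$demo_dir/restart_trusting")"
echo "hardened, caller env: $(run_with_caller_env "$demo_dir/restart_hardened")"
echo "trusting, clean env:  $(run_with_clean_env "$demo_dir/restart_trusting")"
```

The trusting script is only as safe as every way of invoking it; the hardened one does not depend on the caller starting from a clean environment.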


