show me

Maarten Litmaath maart at cs.vu.nl
Sat Jul 30 04:00:09 AEST 1988


In article <43200021 at uicsrd.csrd.uiuc.edu> kai at uicsrd.csrd.uiuc.edu writes:
\
\I've seen talk about how unsafe setuid shell scripts are, but haven't ever
\seen any examples that prove this.  Would someone please explain to me know
\why, as a system administrator, I shouldn't ever use setuid/setgid shell
\scripts?

It has been pointed out before: using any setuid root shell script one can
become root in 10 seconds...

\Are these problems specific to particular versions of UNIX,

Versions with the #! magic number, that's versions which have got setuid
shell scripts at all.

\or particular
\shell types (sh, csh, ksh, perl) or version of those shells?

sh and csh work, ksh (being a superset of sh) too I guess, I don't know about
perl.
Email for more info.
Regards.
-- 
If you enjoyed the recent heat wave,  |Maarten Litmaath @ Free U Amsterdam:
you'll certainly like the ozone gap...|maart at cs.vu.nl, mcvax!botter!maart



More information about the Comp.unix.wizards mailing list