setuid shell scripts
G. Ewing
greg at cantuar.UUCP
Mon Nov 14 11:23:26 AEST 1988
Sigh... confusion still abounds. I have received various replies
of the form:

Maarten Litmaath (maart at cs.vu.nl) writes:
>In article <850 at cantuar.UUCP> greg at cantuar.UUCP (G. Ewing) writes:
>\ (A) The shell checks the owner and set{u,g}id bits of the
>Safe.
>\ (B) The "shell" isn't a shell or interpreter at all, and
>Safe.
>\ (C) The "shell" consists of the following program:
>Special case of 2.

On the other hand, I've also had replies such as
(sorry, I don't know the sender's name in real life):

>From: <watmath!clyde!ulysses!smb>
>None of those things prevent the bug, I'm afraid, not singly, and not
>in combination.

and Chris Torek indicated in an earlier posting that there was a
problem that was *completely independent* of shell semantics.
Presumably this means that it doesn't matter if the shell isn't
a shell.

Maarten Litmaath again:
>\removing the setuid-#! facility is wrong.
>Questionable; every interpreter would have to take care of things, while
>it should be the kernel who's getting them straight.

I'd be quite happy for the kernel to do it right. I was just saying that
disabling the facility altogether might be overkill.
Or it might not.

Can you shed any light, Chris?
Greg Ewing Internet: greg at cantuar.uucp
Spearnet: greg at nz.ac.cantuar Telecom: +64 3 667 001 x8357
UUCP: ...!{watmath,munnari,mcvax,vuwcomp}!cantuar!greg
Post: Computer Science Dept, Univ. of Canterbury, Christchurch, New Zealand
Disclaimer: The presence of this disclaimer in no way implies any disclaimer.