Secure setuid shell scripts

Chris Torek chris at mimsy.UUCP
Thu Oct 20 10:13:29 AEST 1988


In article <4409 at bsu-cs.UUCP> dhesi at bsu-cs.UUCP (Rahul Dhesi) asks:
>If a 4.3BSD system has not been patched to disallow set-user-id shell
>scripts, but root uses no set-user-id scripts, does a security hole
>still exist that will allow an unprivileged user to obtain root
>privileges?

If I can modify that to `... but there are no set-user-id scripts that
set the user ID to root', the answer is no (discounting other avenues,
e.g., the `::0:0:::' entries sometimes found in /etc/passwd).  If the
system has not been patched, and there is a set-ID script somewhere,
that script can be used as the basis for gaining the privileges granted
by that ID (user or group) in a way that the author of the script most
likely did not intend.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris at mimsy.umd.edu	Path:	uunet!mimsy!chris
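
An audit for the two conditions the reply names, set-ID scripts and `::0:0:::`-style passwd entries, added here as an example and not part of the original post. The function names are hypothetical; treating a set-ID file that begins with `#!` as a script, and an empty second passwd field as "no password", are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print set-user-ID / set-group-ID regular files under directory $1 whose
# first two bytes are "#!" (assumption: that marks an interpreter script).
# Stays on one filesystem (-xdev); paths containing newlines are not handled.
find_setid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # tr drops NUL bytes so binary files do not trigger shell warnings.
        magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\000')
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print "line: name" for each entry in passwd-format file $1 that has UID 0
# and an empty password field (assumption: empty means no password is set).
# The UID is matched as text so short or malformed lines are never flagged.
passwordless_uid0() {
    awk -F: '$3 ~ /^0+$/ && $2 == "" {
        print NR ": " ($1 == "" ? "(empty name)" : $1)
    }' "$1"
}

# Stand-alone use: sh audit.sh / /etc/passwd
if [ "$#" -ge 1 ]; then
    find_setid_scripts "$1"
    passwordless_uid0 "${2:-/etc/passwd}"
fi
```

Any path the first function prints should have its set-ID bit removed or be replaced by a compiled wrapper; on systems with shadow passwords the second check applies to the passwd file only.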



More information about the Comp.unix.wizards mailing list