Secure setuid shell scripts
Guy Harris
guy at auspex.UUCP
Fri Oct 28 04:01:24 AEST 1988
>One question. What does an
>
>execl("/bin/sh", "/bin/sh", "-", "-i", 0);
>
>do.
It probably fails on machines where the bit pattern for the "int" value
0 is not the same (either in size or in bit content) as the bit pattern
for a null "char *", but that's neither here nor there....
>I.e. what happens when the first line is:
>
>#! /bin/sh -
>
>rather than plain old:
>
>#! /bin/sh
It makes the shell not get confused if you run the script with a name
beginning with "-". Thus, this is a Good Thing To Do. However....
>This closes up the security hole very nicely here (unless there's some
>sneaky way of getting in that I didn't know about).
You're thinking of a different security hole. Adding the "-" flag
doesn't do a damn thing for the one I suspect most of us are thinking
of. That one is caused by a more subtle problem (one which most of us
discussing it didn't know about until it was pointed out to us, I
suspect - I sure didn't).
More information about the Comp.unix.wizards
mailing list