System V Release 4 ...

Bevis King brwk at doc.ic.ac.uk
Tue Oct 11 05:41:04 AEST 1988


in article <10421 at tekecs.TEK.COM> andrew at tekecs.TEK.COM says:
>SHELLS
> ...
>The kernel will be able to exec shell scripts which begin with "#!".
>The setuid/setgid bits for such files will be ignored.

These comments nearly started a riot.  Being of a "System V's ok if you
add quite a lot of Berkeley bits to it" persuasion, I had a flaming row
with a Sun-freak "Berkeley is best, system V is so broken it's worse than
MS-DOS".

I interpreted the above to mean "setuid/setgid" shells can only be run
by the default shell, and any attempt to change from that results in the
setuid/setgid being ignored.

Consider this example:  a root shell script is written by a systems 
programmer who thinks tcsh is the best thing since sliced bread (NO
FLAMES PLEASE - I HAVE NOT EXPRESSED AN OPINION EITHER WAY).  It needs
to be setuid/setgid for some reason.  On most systems tcsh is in
/usr/local/bin, which in many systems is publicly writable to encourage
people to put their ports of PDSoft up.  Someone can easily place a
trojan horse in place of /usr/local/bin/tcsh and get root permission.
/bin should never be publicly writable, after all that's what /usr/local/bin
is all about.

He believes that AT&T (or is it Sun - no can't be Sun, he worships the
ground they walk on) have removed all setuid/setgid abilities from all
shell scripts EVER. (PERIOD, FULL STOP, etc).

Which of us is right?  Am I being too kind to AT&T, and this is really
broke?  Or, is he just overacting because the words System V were
mentioned?

Tell us please, or the wars will continue...

Thanks, Bevis

Disclaimer:
These are my views, many disagree with them, often loudly :-)

Bevis King, Systems Programmer        |   Email:  brwk at doc.ic.ac.uk
Dept of Computing, Imperial College   |   UUCP :  ..!mcvax!ukc!icdoc!brwk
180 Queens Gate, London, SW7 2BZ, UK. |   Voice:  +44 1 589 5111 x 5085
          "Never argue with a computer" ... Avon (Blake's 7)

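An added example, not part of the original post: a defensive audit for the situation described above, reporting setuid/setgid "#!" scripts whose interpreter, or a directory on the path to it, is writable by any user. The function names are hypothetical, and demo() builds a constructed temporary tree in which an empty file named tcsh stands in for the shell.

```python
import os, pathlib, stat, tempfile

def shebang_interpreter(path):
    """Return the interpreter named on a '#!' first line, or None."""
    with open(path, "rb") as f:
        line = f.readline(256)
    words = line[2:].split() if line.startswith(b"#!") else []
    return os.fsdecode(words[0]) if words else None

def writable_by_others(interp):
    """First spot on the resolved interpreter path that any user can alter.
    Sticky world-writable directories (such as /tmp) are treated as safe."""
    real = os.path.realpath(interp)
    if os.path.exists(real) and os.stat(real).st_mode & stat.S_IWOTH:
        return real
    d = os.path.dirname(real)
    while True:
        mode = os.stat(d).st_mode if os.path.isdir(d) else 0
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            return d
        if d == os.path.dirname(d):      # reached the filesystem root
            return None
        d = os.path.dirname(d)

def audit(paths):
    """Return (script, interpreter, weak_spot) for risky setuid/setgid scripts."""
    findings = []
    for p in paths:
        interp = shebang_interpreter(p)
        if interp and os.stat(p).st_mode & (stat.S_ISUID | stat.S_ISGID):
            weak = writable_by_others(interp)
            if weak:
                findings.append((p, interp, weak))
    return findings

def demo():
    """Constructed sample: the same script against a 0777 and a 0755 bin dir."""
    root = os.path.realpath(tempfile.mkdtemp())
    result = {}
    for name, mode in (("shared", 0o777), ("locked", 0o755)):
        bindir = os.path.join(root, name)
        os.mkdir(bindir)
        interp = os.path.join(bindir, "tcsh")   # empty stand-in, not a real shell
        os.close(os.open(interp, os.O_CREAT | os.O_WRONLY, 0o755))
        os.chmod(bindir, mode)
        script = os.path.join(root, name + ".sh")
        pathlib.Path(script).write_text("#!" + interp + " -f\necho hello\n")
        os.chmod(script, 0o4755)                # setuid bit on a file we own
        result[name] = audit([script])
    return result
```

On a real system, pass audit() the paths of the setuid/setgid files found on local filesystems.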


More information about the Comp.unix.wizards mailing list