System V Release 4 ...
Guy Harris
guy at auspex.UUCP
Thu Oct 20 03:17:41 AEST 1988
>It's not even obvious that such a claim is credible.
Such a claim is credible. On most UNIX systems supporting "#!"
executables, if that system supports set-UID "#!" scripts, there exists
a program that can, given the existence of a set-UID shell script that
can be executed by user X, permit user X to run any other shell script
set-UID to that user - *regardless* of what the underlying set-UID shell
script does, or what shell it uses! The problem isn't with the language
in which the script is written, it's with the "#!" mechanism itself.
I've seen the program do precisely that.
More information about the Comp.unix.wizards
mailing list