set-id shell scripts vs security

Chris Torek chris at mimsy.UUCP
Tue Oct 18 19:05:55 AEST 1988


In article <13958 at mimsy.UUCP> I reminded everyone that
>>There is a large and nasty (but very friendly-looking) bug hiding behind
>>set-ID shell scripts.  The bug is embedded in the file system semantics.
>>(Actually, I do know how to fix it, even under NFS, though it is not
>>pretty, and I have never really liked set-ID scripts anyway.)

In article <109 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
>This is something I've been hearing for some time, and wondering when
>the people who understand the supposed security problem are going to
>enlighten the rest of us.

We would rather refrain from shouting it out to the world.

>... I'd sure like to know what it is about the shell programming
>languages ... that make them more risky than a C program.

Nothing in particular.  The bug is in the file system semantics.  If I
say anything more explicit I feel that it will `give away the store',
as they say.  But there is nothing particularly wrong with running a
script while set to some other ID; the problem has to do with running
a script that is itself set-id.  You might call it a kernel bug.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris at mimsy.umd.edu	Path:	uunet!mimsy!chris



More information about the Comp.unix.wizards mailing list