suid doesn't work
prl at eiger.uucp
prl at eiger.uucp
Wed Feb 1 06:25:46 AEST 1989
But DON'T actually do this [[ setuid shells ]] if you want to keep your
system in any way secure. There is a kernel bug (in all Unixes with the #!
feature, not just SunOS) which allows set-uid shell scripts to be tricked
into allowing *any* commands to be executed setuid in place of the shell
script!!
DON'T DO IT!! See Maarten Litmaath's posting in
comp.sources.misc v05i097 for a probably secure way
of doing what you want.
I am surprised that wnl didn't warn about this problem.
[[ Wnl didn't warn about this problem because wnl wasn't aware of it.
Unfortunately, I don't have the time to ingest all the information (and
weed out the noise) that the net produces. Thank you for bringing it to
everyone's attention. --wnl ]]
--
Peter Lamb
uucp: uunet!mcvax!ethz!prl eunet: prl at ethz.uucp Tel: +411 256 5241
Integrated Systems Laboratory
ETH-Zentrum, 8092 Zurich
More information about the Comp.sys.sun
mailing list