suid doesn't work

srs!matt at uhura.cc.rochester.edu srs!matt at uhura.cc.rochester.edu
Wed Feb 1 05:45:25 AEST 1989 

In v7n117, our moderator answers:
>If the text file starts with the two characters "#!", then the *kernel*
>takes the remainder of the line to be the name of an interpretive program
>(it also allows one argument to be passed---see the manual page for
>"execve(2)").

Although the "one argument" limitation may be true on every other 4.3
based OS (I don't really know since I've only dealt with Suns), it just
isn't so for SunOS (up to 3.2 at least).  For example, take the following
shellscript:

    #!/bin/csh -f -x
    #!/bin/csh -f -e -x
    #!/bin/csh -f -e
    echo hello
    cat XXXX
    echo hello

Assuming "XXXX" is NOT present, the output is:

    echo hello
    hello
    cat XXXX
    XXXX: No such file or directory
    echo hello
    hello

Now, delete the first line of the script, leaving the "#!/bin/csh -f -e -x" as
the new first line, this gives:

    echo hello
    hello
    cat XXXX
    XXXX: No such file or directory

Finally, remove the first line again, leaving "#!/bin/csh -f -e", this gives:

    hello
    XXXX: No such file or directory

I've tried this with other programs (like "#!/usr/ucb/more -c -d") with
the same result.

-----
Matt Goheen
uucp:		{rutgers,ames}!rochester!srs!matt, matt at srs.uucp
internet:	srs!matt at cs.rochester.edu, matt%srs.uucp at harvard.harvard.edu

[[ Sorry, but it doesn't prove your assumption.  And I *know* I'm right
this time. :-)  Try two things.  First, store your example in a file
called "hi".  Then type the command "/bin/csh '-f -x' <hi".  Guess what?
Both the "f" and the "x" flag get turned on.  To really drive the point
home, write a simple program that prints each argument out on a separate
line.  Then name the executable in a "#!" line, giving more than one
argument (such as "#!/home/you/a.out -a -b").  When I do this, no matter
what appears on the remainder of the line it all shows up in the first
argument.  The second argument is always the name of the executed file.
This is true under 3.2 and 4.0.1.  You just happened to choose a program
(/bin/csh) that is very forgiving when it scans its arguments.  If you
want to see an example closer to yours that really does fail, try using
the "-t" option to sort as the first argument and some other option as the
second (such as "#!/usr/bin/sort -t: -n").  --wnl ]]

More information about the Comp.sys.sun mailing list