Are suid shell scripts using /bin/csh secure
attcan!utzoo!henry at uunet.uu.net
attcan!utzoo!henry at uunet.uu.net
Fri Mar 31 12:27:26 AEST 1989
>I know of three common modes of attack on set-uid shell scripts, all of
>which I have failed to apply successfully to reasonably written shell
>scripts under /bin/csh...
>The question is, are there any other ways in which shell scripts can be
>broken, and which shells do they apply to?
The real question is, are you confident that there *aren't* any others?
If not, then you cannot consider setuid shell scripts using /bin/csh to be
secure. The fundamental security problem with setuid shell scripts is
simply that the shells are complex command interpreters which depend on
their environment in complicated ways and were not built for security.
There's just no way to be sure that the last hole has been found.
(If you want another one to check out... Can csh be tricked, by invoking
it with suitable arguments, into running the equivalent of a .profile
before running the script?)
Henry Spencer at U of Toronto Zoology
uunet!attcan!utzoo!henry henry at zoo.toronto.edu
More information about the Comp.sys.sun
mailing list