what are the implications of shell doing setuid(getuid())?

Doug Gwyn <gwyn> gwyn at brl-tgr.ARPA
Tue Sep 17 07:03:01 AEST 1985


> I was recently asked what the implications would be of having the shell do a
> setuid(getuid()) and setgid(getgid()) as soon as it's invoked. The reason is
> to try and plug up any security holes caused by set[ug]id programs that
> invoke system(3C) or popen(3S). What tools are there that anyone knows of
> that would be broken if this change were made, locally, or for real?

cpio, find, & sdiff all use popen() and tar uses system().
Your proposed change could break their operation when these
utilities are run privileged.  There are many other loopholes
of equal or greater concern than "sh -c" that your shell
mod would not take care of.  This seems like the wrong place
to try to enforce security.
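
An added example, not part of the original message: one way a set-id program can apply the setgid(getgid()) / setuid(getuid()) drop discussed above itself, in the child it forks, before handing a command to "sh -c", instead of relying on a modified shell. The names drop_privileges and system_unprivileged and the fixed PATH value are assumptions made for this illustration.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <unistd.h>

/* Permanently give up set-id privilege in the calling process.
 * Group first: once the effective uid is no longer root, setgid()
 * may no longer be permitted. Returns 0 on success, -1 on failure. */
static int drop_privileges(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the result instead of trusting the return values alone. */
    if (getegid() != rgid || geteuid() != ruid)
        return -1;
    return 0;
}

/* Hypothetical stand-in for system(3): runs cmd through /bin/sh with the
 * invoker's real ids and a fixed environment (PATH value is an assumption).
 * Returns the wait status of the shell, or -1 on error. */
int system_unprivileged(const char *cmd)
{
    static char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: never exec the shell if the drop did not take effect. */
        if (drop_privileges() != 0)
            _exit(126);
        execle("/bin/sh", "sh", "-c", cmd, (char *)NULL, envp);
        _exit(127);              /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return status;
}
```

Only the forked child loses privilege, so the parent keeps whatever it legitimately needs; the command cpio, find, sdiff or tar passes to the shell would run with the invoker's ids only if those utilities were changed to call such a wrapper.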


