show me
Richard A. O'Keefe
ok at quintus.uucp
Sat Aug 6 06:37:05 AEST 1988
In article <5030 at vdsvax.steinmetz.ge.com> barnett at steinmetz.ge.com (Bruce G. Barnett) writes:
:Just to give you a taste of the types of problems with setuid shell scripts,
:>have you considered:
: 1. People can alias '/bin/cat' in their .cshrc
[and several others]
It is already the case that some systems refuse to run setuid csh scripts
unless they have the -b flag; perhaps they should require -f as well:
#!/bin/csh -fb
so that no .cshrc file will be read. (Of course there is still chroot plus
links to watch out for...)
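
An added example, not part of the original post: a shell audit that reports setuid csh scripts whose #! line lacks the -b or -f flag discussed above. The function names check_csh_shebang and audit_setuid_csh are made up for this illustration, and the directory to scan is whatever you pass on the command line.

```shell
#!/bin/sh
# Added example: flag setuid csh scripts whose interpreter line lacks -b / -f.

# check_csh_shebang FILE
# Prints one of: not-csh, ok, missing-b, missing-f, missing-bf
check_csh_shebang() {
    first=
    # Read only the first line; tolerate unreadable files and a missing newline.
    IFS= read -r first 2>/dev/null < "$1" || :
    case $first in '#!'*) ;; *) echo not-csh; return 0 ;; esac
    set -f                     # no globbing while splitting the line
    set -- ${first#??}         # $1 = interpreter path, $2.. = its arguments
    set +f
    case ${1##*/} in csh) ;; *) echo not-csh; return 0 ;; esac
    shift
    has_b=no has_f=no
    for arg in "$@"; do
        case $arg in
            -*) case $arg in *b*) has_b=yes ;; esac
                case $arg in *f*) has_f=yes ;; esac ;;
        esac
    done
    case $has_b$has_f in
        yesyes) echo ok ;;
        noyes)  echo missing-b ;;   # option processing is not cut off
        yesno)  echo missing-f ;;   # the invoking user's .cshrc is still read
        *)      echo missing-bf ;;
    esac
}

# audit_setuid_csh DIR
# Lists every setuid regular file under DIR that is a csh script without
# both flags, as "verdict<TAB>path".
audit_setuid_csh() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r path; do
        verdict=$(check_csh_shebang "$path")
        case $verdict in
            missing-*) printf '%s\t%s\n' "$verdict" "$path" ;;
        esac
    done
}

# Scan only when a directory is given, e.g.: sh audit.sh /usr/local
if [ $# -gt 0 ]; then
    audit_setuid_csh "$1"
fi
```

A verdict of ok only means the flags are present; it says nothing about the other problems with setuid scripts mentioned in the thread.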