Secure setuid shell scripts
Stephen Carroll
sbc at sp7040.UUCP
Sat Oct 22 01:57:34 AEST 1988
In article <14069 at mimsy.UUCP>, chris at mimsy.UUCP (Chris Torek) writes:
] In article <4409 at bsu-cs.UUCP> dhesi at bsu-cs.UUCP (Rahul Dhesi) asks:
] >If a 4.3BSD system has not been patched to disallow set-user-id shell
] >scripts, but root uses no set-user-id scripts, does a security hole
] >still exist that will allow an unprivileged user to obtain root
] >privileges?
]
] If I can modify that to `... but there are no set-user-id scripts that
] set the user ID to root', the answer is no (discounting other avenues,
] e.g., the `::0:0:::' entries sometimes found in /etc/passwd). If the
] system has not been patched, and there is a set-ID script somewhere,
] that script can be used as the basis for gaining the privileges granted
] by that ID (user or group) in a way that the author of the script most
] likely did not intend.
] --
just one question. Is this problem a security hole for only BSD systems,
or does it exist on other SVID type systems or others?
Stephen B. Carroll
UUCP: ...!{ hpda | sun }!sp7040!sbc
More information about the Comp.unix.wizards
mailing list