System V Release 4 ...
Chris Torek
chris at mimsy.UUCP
Thu Oct 13 00:55:33 AEST 1988
>in article <10421 at tekecs.TEK.COM> andrew at tekecs.TEK.COM says:
>>The [SVR4] kernel will be able to exec shell scripts which begin
>>with "#!". The setuid/setgid bits for such files will be ignored.
In article <467 at gould.doc.ic.ac.uk> brwk at doc.ic.ac.uk (Bevis King) writes:
>I interpreted the above to mean "setuid/setgid" shells can only be run
>by the default shell, and any attempt to change from that results in the
>setuid/setgid being ignored. [Someone else] believes that AT&T (or is
>it Sun - no can't be Sun, he worships the ground they walk on) have
>removed all setuid/setgid abilities from all shell scripts EVER. ...
You are both wrong :-)
It was Berkeley; AT&T and Sun will do it (did it in SunOS4.0?) for the
same reason. The set-ID bits on shell scripts are always ignored.
A set-ID binary can, of course, run a shell script, although the
disable in 4.3BSD-tahoe makes this ugly: you have to setre[gu]id first.
There is a large and nasty (but very friendly-looking) bug hiding behind
set-ID shell scripts. The bug is embedded in the file system semantics.
(Actually, I do know how to fix it, even under NFS, though it is not
pretty, and I have never really liked set-ID scripts anyway.)
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris