Secure setuid shell scripts
Chris Torek
chris at mimsy.UUCP
Thu Oct 27 04:46:24 AEST 1988
In article <307 at lakart.UUCP> dg at lakart.UUCP (David Goodenough) suggests:
-#! /bin/sh -
-rather than plain old:
-#! /bin/sh
-This closes up the security hole very nicely here (unless there's some
-sneaky way of getting in that I didn't know about).
Yes, there is a sneaky way that you did not know about.
-it was suggested that if no symbolic links existed, then by denying
-write permission to general users on all filesystems where suid 0 reside
-the problem could be reduced.
That would work around this particular bug.
-As an aside on the IFS problem: the following is taken from man 1 sh:
- IFS Internal field separators, normally space, tab,
- and newline. IFS is ignored if sh is running as
- root or if the effective user id differs from the
- real user id.
IFS should *never* be imported; with any luck I may get this fixed in
4.4BSD.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris
More information about the Comp.unix.wizards
mailing list