2 shell questions before the new year
Doug Gwyn <gwyn>
gwyn at brl-tgr.ARPA
Fri Jan 11 03:58:00 AEST 1985
> Unless you've fixed your kernel, if you have setuid shell scripts you
> have a security hole. Don't send me mail asking what it is.
One should be careful for ANY security-related code to check for
loopholes. This means, in C code, argc == 0, PATH=funny_places,
signals in critical places, fd 0, 1, and/or 2 not opened, etc.
For shell scripts, one should ALWAYS set PATH=wherever and if
security-critical set IFS=standard_whitespace and catch traps.
More information about the Comp.unix
mailing list