Security and set[ug]id shell scripts

[John Pierce]

In net.unix it has been pointed out that set[ug]id shell scripts can be made,
that there are major security problems with them, and a hint as to how to find
those problems was given.  Conversations with various people indicate that at
least one problem with such scripts in 4.xBSD and System V is not really well
known.  I assume the problem exists in any other UNIX system that honors
set[ug]id mode bits for shell scripts, but I do not know that for certain.

For those of you who don't know of such a security problem, I will respond to
mail from "root" with mail back to "root" that explains the nature of one
problem with them.  I will also give examples of fixes for the shells that
eliminates it (kernel fixes are not really necessary, but may be desirable
in some environments).  I do not know of a fix for binary-only sites beyond
awarness and screaming at your vendor to fix things (or finding someone to
give you compiled versions of fixed shells).

Mail from individual users will be ignored unless (1) they are listed as site
managers in the USENET map information, (2) I know them or someone I trust
vouches for them, or (3) they are able to provide *very* convincing reasons
as to why they should know about this problem and can't get their local guru
to enlighten them.

				John Pierce, Chemsitry, UC San Diego
				[ucbvax!]sdcsvax!sdchema!jwp
				decvax!sdchema!jwp