2 shell questions before the new year
Henry Spencer
henry at utzoo.UUCP
Thu Jan 10 03:59:30 AEST 1985
> The advantages of directly-execable scripts are two-fold. ...
> ... Second, the set-uid and set-gid bits
> are honored. Voila! Set-uid shell scripts!
Of course, as we all (should) know, setuid shell scripts are terminally
insecure. The shell is just too complex, and there are too many ways
to subvert it into doing things that the author of a (setuid) shell
script did not intend. There are things that will help, like being
careful to standardize PATH and having your shell refuse to import a
non-standard value of IFS, but those aren't the only problems.
--
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,linus,decvax}!utzoo!henry
More information about the Comp.unix
mailing list