dgk@ulysses.UUCP (David Korn) (05/07/86)
I am seriously considering modifying Korn shell and adding a suid program to handle shell scripts that have execute permission and no read permission, and to handle setuid/setgid scripts without relying on the operating system to look for the #! magic number. Since shell procedures are supposed to behave like a.outs, why should read permission be required anyway?

I have already closed the security holes created by the IFS, PATH and SHELL variables, and profiles in ksh, and I am reluctant to add this feature if this creates new security holes. The implementation allows this feature to be disabled at run time by an administrator.

Are there any other security problems with setuid/setgid shell scripts? Is this feature worthwhile? Is there any reason why this hasn't been implemented before? (Especially execute-only scripts, which don't seem to create a security problem.)

David Korn
ulysses!dgk