jwp@sdchema.UUCP (John Pierce) (01/15/85)
In net.unix it has been pointed out that set[ug]id shell scripts can be made, that there are major security problems with them, and a hint as to how to find those problems was given. Conversations with various people indicate that at least one problem with such scripts in 4.xBSD and System V is not really well known. I assume the problem exists in any other UNIX system that honors set[ug]id mode bits for shell scripts, but I do not know that for certain. For those of you who don't know of such a security problem, I will respond to mail from "root" with mail back to "root" that explains the nature of one problem with them. I will also give examples of fixes for the shells that eliminates it (kernel fixes are not really necessary, but may be desirable in some environments). I do not know of a fix for binary-only sites beyond awarness and screaming at your vendor to fix things (or finding someone to give you compiled versions of fixed shells). Mail from individual users will be ignored unless (1) they are listed as site managers in the USENET map information, (2) I know them or someone I trust vouches for them, or (3) they are able to provide *very* convincing reasons as to why they should know about this problem and can't get their local guru to enlighten them. John Pierce, Chemsitry, UC San Diego [ucbvax!]sdcsvax!sdchema!jwp decvax!sdchema!jwp