ruck@reef.cis.ufl.edu (John Ruckstuhl) (06/03/91)
In article <28895@uflorida.cis.ufl.EDU> I writes:
>I accept that an suid-to-root shell script is a Bad Thing, but I am not
>sophisticated enough to know *all* the reasons why.
>Can one avoid the security problems by root-id account which specifies a
>shell-script rather than an interactive shell in its passwd entry?
>I think this prevents the script from inheriting environment variables
>except TERM.
>I have seen such a thing suggested publicly in another newsgroup or
>mailing list and not be rebutted. But then I wonder if "su restart_XYZ"
>inherits an environment and makes this method dangerous.

It's been kindly pointed out to me that yes, the possibility of an
"su restart_XYZ" does make this method as dangerous as an suid-to-root
shell script.

Thanks to Jeff Beadle (jeff@onion.rain.com) for explaining this and a
reason why such things are dangerous.

Best Regards,
ruck.
--
John R Ruckstuhl, Jr                ruck@alpha.ee.ufl.edu
Dept of Electrical Engineering      ruck@cis.ufl.edu, uflorida!ruck
University of Florida               ruck%sphere@cis.ufl.edu, sphere!ruck