ptb@Mitre-Bedford@sri-unix (11/22/82)
Date: Thu Nov 18 13:48:03 1982 The C shell interface can be used to make shell programs that run setuid to any uid (even root). However, there are a few different security problems that can result. One of these has been pointed out earlier, that it is possible for someone to substitute one of their commands with a strange PATH variable. The fix for this has already been addressed, so I wont go into it now. There is another potential exposure that seems to be unique to the C shell, and how it can run setuid programs. The environment variable "HOME" is not changed upon executing the C shell, and therefore the user's own .cshrc is executed before the C shell program takes control. This can cause all kinds of problems. To prevent it, do the following: 1) Have the first line be "#! /bin/csh -f" to supress the execution of the .cshrc file; and 2) Also use the "setenv HOME /" command to protect subsequently invoked commands. Peter Baldwin Mitre-Bedford System Software