Re: setuid scripts in SunOS 4.1.x

John Hawkinson (jhawk@panix.com)
Fri, 23 Sep 1994 00:27:50 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Karl Strickland: "Re: setuid scripts in SunOS 4.1.x"
Previous message: Colin Campbell: "Re: setuid scripts in SunOS 4.1.x"
In reply to: Colin Campbell: "Re: setuid scripts in SunOS 4.1.x"
Next in thread: Karl Strickland: "Re: setuid scripts in SunOS 4.1.x"

> > The best solution is to make sure you don't have suid shell scripts
> > Cops does a fine job in finding them for you so does:
> > 
> > find /   \( -type d -fstype nfs -prune \) -o -type f \( -perm -4001 -o -perm
> >  -4010 -o -perm -4100 -o -perm -2100 -o -perm -2010 -o -perm -2001 \)
> > 
> > If I remeber correctly SunOS 4.1.x is just one of those UNIX systems that
> > allows suid shell scripts. I don't think this will be 'fixed'.
> > But you can always try to mail security-alert@Sun.COM.
> > 
> > 
> Of course you can always mount your filesystems `nosuid'.

The "correct" thing to do is to patch kern_exec.c (kern_exec.o).
This is nontrivial if you don't have source. It's trivial
if you do (I don't). No one has done this publically as of yet.

Thinking about it, I wonder if the BSD kern_exec is "good enough".
If so, perhaps it could be substituted. Anyone? (Casper?)

--
John Hawkinson
jhawk@panix.com

Next message: Karl Strickland: "Re: setuid scripts in SunOS 4.1.x"
Previous message: Colin Campbell: "Re: setuid scripts in SunOS 4.1.x"
In reply to: Colin Campbell: "Re: setuid scripts in SunOS 4.1.x"
Next in thread: Karl Strickland: "Re: setuid scripts in SunOS 4.1.x"