Re: setuid scripts in SunOS 4.1.x

Fred Blonder (fred@nasirc.hq.nasa.gov)
Mon, 26 Sep 1994 16:12:32 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Harold van Aalderen: "Re: setuid scripts in SunOS 4.1.x"
Previous message: John Hawkinson: "Re: setuid scripts in SunOS 4.1.x"
In reply to: John Hawkinson: "Re: setuid scripts in SunOS 4.1.x"
Next in thread: Paul O'Donnell: "Re: setuid scripts in SunOS 4.1.x"

	From: John Hawkinson <jhawk@panix.com>

		.
		.
		.

	The "correct" thing to do is to patch kern_exec.c (kern_exec.o).

		.
		.
		.

Ummm, then how's it going to cope with set-uid perl scripts, which ARE
rumored to be secure?  You could have a table of 'ok shell
interpreters' in the kernel, but that would be extremely ugly.

Since the problem is in /bin/sh, that is where it should be solved, or
at least avoided.  If you across-the-board disable all set-uid shell
interpreters, that will infuriate the few who do it right, and remove
any motivation for others to do it correctly.
-----
Fred Blonder		fred@nasirc.hq.nasa.gov

Hughes STX Corp.	(301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md.  20770

Next message: Harold van Aalderen: "Re: setuid scripts in SunOS 4.1.x"
Previous message: John Hawkinson: "Re: setuid scripts in SunOS 4.1.x"
In reply to: John Hawkinson: "Re: setuid scripts in SunOS 4.1.x"
Next in thread: Paul O'Donnell: "Re: setuid scripts in SunOS 4.1.x"