> > SUID shell scripts are traditionally insecure in unix environments. [...]
>
> Also from my understanding, at least one Unix has solved this problem
> by making a /dev/fd filesystem, [...]
>

Using the /dev/fd fs would remove the race condition, but the race isn't
the only problem with setuid shell scripts.

Unless the shell script writer is *very* careful (is it possible to be
careful enough?), one can play around with PATH or IFS. If the script
calls any non-statically linked executables, I think one can play around
with LD_* variables on Suns.

Finally, I believe any setuid shell script written for csh is irreparably
broken: try

    TERM='`/bin/echo + + >/.rhosts`' csh-script

There might be still more problems with setuid shell scripts which I've
forgotten; hopefully someone more knowledgeable than I will point them out...

-------------------------------------------------------------------------------
David Wagner                                             dawagner@princeton.edu
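
The environment problems named in the post above (PATH, IFS, LD_* and a TERM value carrying shell metacharacters) are usually handled by building a fresh environment from an allowlist before anything privileged runs. The following is an added example, not part of the original post; `scrub_env`, `KEEP`, `FIXED_PATH` and the chosen search path are assumptions made for illustration, and the code covers only the environment, not the race condition discussed in the quoted text.

```c
#include <string.h>

/* Hypothetical allowlist: variables passed through, and only when the
 * value is plain text. Everything else is dropped. */
static const char *const KEEP[] = { "TERM", "TZ", "LANG" };
/* Assumed trusted search path; adjust for the local system. */
static const char FIXED_PATH[] = "PATH=/usr/bin:/bin";

/* Plain: non-empty, short, no character special to sh or csh. */
static int value_is_plain(const char *v)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-";
    size_t n = strlen(v);
    return n > 0 && n < 64 && strspn(v, ok) == n;
}

/* 1 if "NAME=value" is an allowlisted name with a plain value. */
static int entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL) return 0;
    for (size_t i = 0; i < sizeof KEEP / sizeof KEEP[0]; i++) {
        size_t len = strlen(KEEP[i]);
        if ((size_t)(eq - entry) == len && strncmp(entry, KEEP[i], len) == 0)
            return value_is_plain(eq + 1);
    }
    return 0; /* PATH, IFS, LD_* and anything unknown are dropped */
}

/* Fill out[] (capacity cap) with a clean NULL-terminated environment.
 * The caller's PATH is never copied; FIXED_PATH is always entry 0.
 * Returns the number of entries, or -1 if cap is too small. */
int scrub_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) return -1;
    out[n++] = FIXED_PATH;
    for (size_t i = 0; in[i] != NULL; i++) {
        if (!entry_allowed(in[i])) continue;
        if (n + 1 >= cap) return -1;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (int)n;
}
```

A compiled wrapper would pass the resulting array as the `envp` argument of `execve()` instead of the inherited `environ`, and refuse to continue when `scrub_env` returns -1.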