Bugtraq mailing list archives

Re: setuid scripts in SunOS 4.1.x


From: fred () nasirc hq nasa gov (Fred Blonder)
Date: Mon, 26 Sep 1994 16:12:32 -0400


        From: John Hawkinson <jhawk () panix com>

                .
                .
                .

        The "correct" thing to do is to patch kern_exec.c (kern_exec.o).

                .
                .
                .

Ummm, then how's it going to cope with set-uid perl scripts, which ARE
rumored to be secure?  You could have a table of 'ok shell
interpreters' in the kernel, but that would be extremely ugly.

Since the problem is in /bin/sh, that is where it should be solved, or
at least avoided.  If you across-the-board disable all set-uid shell
interpreters, that will infuriate the few who do it right, and remove
any motivation for others to do it correctly.
-----
Fred Blonder            fred () nasirc hq nasa gov

Hughes STX Corp.        (301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md.  20770


