Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: setuid scripts in SunOS 4.1.x

From: fred () nasirc hq nasa gov (Fred Blonder)
Date: Tue, 27 Sep 1994 12:33:59 -0400

Well, now that I've been trounced upon by several of you folks,  ;-) I
realize that that by 'fixing the kernel' I was (mistakenly) assuming
that what was meant was 'disable set-uid interpreter scripts'.  It was
disabling them entirely that I disagree with.  Yes, I am aware of the
race condition with such scripts, and agree that it needs to be solved
before such scripts have any hope of being considered 'safe'.

My apologies for spouting off so quickly.

I still would prefer that the set-uid mechanism be made to work
reliably, rather than merely disabling it because it's unsafe in its
current incarnation, and yes, I agree that some of the changes must be
made in the kernel.

While we're on the subject: What should happen if you have a set-uid
interpreter script and the interpreter it invokes is also set-uid to a
different uid?  This is a philosophical point, so I suppose the
discussion should be moved to some other list or newsgroup.
-----
Fred Blonder            fred () nasirc hq nasa gov

Hughes STX Corp.        (301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md.  20770
Previous By Date Next
Previous By Thread Next

Current thread: