Re: setuid scripts in SunOS 4.1.x

[harold () sara nl (Harold van Aalderen)]

In message <199409262012.QAA04662 () nasirc hq nasa gov> you write:
> Since the problem is in /bin/sh, that is where it should be solved, or
> at least avoided.  If you across-the-board disable all set-uid shell
> interpreters, that will infuriate the few who do it right, and remove
> any motivation for others to do it correctly.

The problem is not in /bin/sh but in the kernel. It really doesn't matter
which interpreter you execute. Interpreters are useally not designed to
execute with euid 0, there are just to many ways to manipulate them.
The magic token '#!' that signals the kernel to execute an interpreter is
something that should not be combined with suid permissions.

So the proper place to fix the problem is the kernel.

Suidperl clames to be the rare exception to the rule. Personally I 
don't trust it. It is hard enough to make a C program suid save.

> -----
> Fred Blonder          fred () nasirc hq nasa gov
>
> Hughes STX Corp.      (301) 441-4079
> 7701 Greenbelt Rd.
> Greenbelt, Md.  20770



Harold van Aalderen                           |email: harold () sara nl
system programmer/site security contact       | 
SARA (Academic Computing Services Amsterdam)  |phone: +31 20 5923000
PO Box 94613 1090 GP Amsterdam The Netherlands|fax  : +31 20 6683167