Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!howland.reston.ans.net!Germany.EU.net!zib-berlin.de!news.tu-chemnitz.de!irz401!uriah.heep!news From: j@uriah.heep.sax.de (J Wunsch) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: execve() ignores shell script setuid bit Date: 21 Jan 1996 22:26:55 GMT Organization: Private BSD site, Dresden Lines: 21 Message-ID: <4duejf$shb@uriah.heep.sax.de> References: <30FEC809.167EB0E7@lasorda.princeton.edu> <4drojg$oj@park.uvsc.edu> Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) NNTP-Posting-Host: localhost.heep.sax.de Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Newsreader: knews 0.9.3 Terry Lambert <terry@lambert.org> writes: (suid-wrapper) > Obviously, this still leaves a number of possible holes which > a hacker could driver his truck through -- you'd be better of > rewriting the whole thing as a C program... assuming you really > need SUID in the first place, and can't solve the problem some > other way. Alternatively, pick Perl. It performs a number of security tests of its own before allowing ``dangerous'' operations. I consider it even safer as a setuid C program, since it prevents the creator from several commonly known pitfalls. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)