*BSD News Article 8595



Path: sserve!manuel.anu.edu.au!munnari.oz.au!news.hawaii.edu!ames!sun-barr!cs.utexas.edu!zaphod.mps.ohio-state.edu!darwin.sura.net!paladin.american.edu!news.univie.ac.at!hp4at!mcsun!Germany.EU.net!unidui!du9ds3!veit
From: veit@du9ds3 (Holger Veit)
Newsgroups: comp.unix.bsd
Subject: Re: [386bsd] Fix for kern_execve to allow suid/sgid shellscipts
Date: 4 Dec 92 17:44:33 GMT
Organization: Uni-Duisburg FB9 Datenverarbeitung
Lines: 20
Message-ID: <veit.723491073@du9ds3>
References: <4165@wzv.win.tue.nl>
Reply-To: veit@du9ds3.fb9dv.uni-duisburg.de
NNTP-Posting-Host: du9ds3.fb9dv.uni-duisburg.de

In <4165@wzv.win.tue.nl> guido@gvr.win.tue.nl (Guido van Rooij) writes:

>I noticed that suid/sgid shellscripts don't work with the current
>kern_execve.c. I made a quick hack to do so.
>Whenever a shellscript is found, the shell inherits the uid/gid
>(if one of the sbits was set of course). It's a quick hack
>as I said, but it works (so it seems ;-))
>Comments are welcome.

No criticism of your code, but: there have been endless discussions about
the possible security leak that is opened by a badly-written suid 
shellscript. Is this something we could really want?

Holger

-- 
|  |   / Dr. Holger Veit         | INTERNET: veit@du9ds3.fb9dv.uni-duisburg.de
|__|  /  University of Duisburg  | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|  | /   Dept. of Electr. Eng.   |   Sorry, the above really good fortune has
|  |/    Inst. f. Dataprocessing |      been CENSORED because of obscenity"