Return to BSD News archive
Path: sserve!manuel.anu.edu.au!munnari.oz.au!network.ucsd.edu!news.acns.nwu.edu!zaphod.mps.ohio-state.edu!swrinde!sdd.hp.com!wupost!usc!sol.ctr.columbia.edu!eff!world!ksr!jfw From: jfw@ksr.com (John F. Woods) Newsgroups: comp.unix.bsd Subject: Re: [386bsd] Fix for kern_execve to allow suid/sgid shellscipts Message-ID: <19694@ksr.com> Date: 4 Dec 92 14:55:05 EST References: <4165@wzv.win.tue.nl> <veit.723491073@du9ds3> Sender: news@ksr.com Lines: 16 veit@du9ds3 (Holger Veit) writes: >In <4165@wzv.win.tue.nl> guido@gvr.win.tue.nl (Guido van Rooij) writes: >>I noticed that suid/sgid shellscripts dont work with the current >>kern_execve.c. I made a quick hack to do so. >>Whenever a shellscript is found, the shell inherits the uid/gid >>(if one of the sbits was set of course). It's a quick hack >>as I said, but it works (so it seems ;-)) >>Comments are welcome. >No criticism of your code, but: there have been endless discussions about >the possible security leak that is opened by a badly-written suid >shellscript. Is this something we could really want? Set-uid scripts are often extremely handy. Perhaps this could be made an option which could be enabled and disabled by a script that would also install a script which takes advantage of the hole and informs you of this fact to remind you of the dangers ;-).