*BSD News Article 9846


Return to BSD News archive

Received: by minnie.vk1xwt.ampr.org with NNTP
	id AA6646 ; Mon, 11 Jan 93 19:04:01 EST
Path: sserve!manuel.anu.edu.au!dubhe.anu.edu.au!csis!munnari.oz.au!sgiblab!swrinde!cs.utexas.edu!uunet!mcsun!sun4nl!tuegate.tue.nl!svin09!wzv!gvr.win.tue.nl!guido
From: guido@gvr.win.tue.nl (Guido van Rooij)
Newsgroups: comp.unix.bsd
Subject: Re: kern_execve.c (patch)
Keywords: patch kern_execve.c #!
Message-ID: <4347@wzv.win.tue.nl>
Date: 12 Jan 93 22:03:47 GMT
References: <1isforINNbb7@urmel.informatik.rwth-aachen.de> <4346@wzv.win.tue.nl>
Sender: news@wzv.win.tue.nl
Lines: 11

guido@gvr.win.tue.nl (Guido van Rooij) writes:

>As I posted before, now it isn't dangerous anymore to put in suid/sgid
>shell-script possibilities, since you can easily overcome the well-known
>"linking to -i" bug, by altering the #! line into #!<shell> -
This last is true, but I was wrong about saying that thsi solves all
problems with suid/sgid scripts. Maybe someone else can take effort
to change the code such that it doesn't pass the scripts name to
the shell, but in stead opens the file and pass the file handle?

-Guido