From: utzoo!decvax!yale-com!brunix!mjb
Newsgroups: net.unix-wizards
Title: Re: More on SUID and exec
Article-I.D.: brunix.1535
Posted: Mon Feb 14 14:23:46 1983
Received: Thu Feb 17 01:33:41 1983
References: mitccc.309,spanky.201

The problem you mention re. shell escapes is one with rogue, if it exists.
After forking to exec a shell for a !, all programs should do:

	setuid(getuid());
	setgid(getgid());

to prevent exactly what you described. (Note: I am speaking for 4.1BSD, where
the '!' convention should be eliminated anyway and everyone forced to use
csh and ^Z instead, but that'll never happen.)

Mike Braca,  ..!decvax!brunix!mjb, mjb.brown@udel-relay