Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!teddy!panda!talcott!harvard!seismo!brl-tgr!tgr!ron@BRL-TGR
From: Ron Natalie  
Newsgroups: net.unix-wizards
Subject: Re:  Security and set[ug]id shell scripts
Message-ID: <7462@brl-tgr.ARPA>
Date: Thu, 17-Jan-85 11:18:04 EST
Article-I.D.: brl-tgr.7462
Posted: Thu Jan 17 11:18:04 1985
Date-Received: Sun, 20-Jan-85 06:14:49 EST
Sender: news@brl-tgr.ARPA
Organization: Ballistic Research Lab
Lines: 24

System V does not honor the setuid bits on shell files.

4.2 does not honor the setuid bits on shell files.

This is because shell files are data, to be input to another program
rather than things that get processed by the "exec" system call which
is where setuid bits are dealt with.

4.2 does have a mechanism that if the magic number of a file happens to
correspond to "#!" the kernel then reads for the rest of the line and
uses that as the program to exec.  The setuid bits get applied to that
program (not necessarily the shell).  The standard input gets redirected
to the file (the manual is wrong).

Any time a setuid program is going to do things like invoking the shell,
it is going to have to be careful.  Most cases are not a defect in the
shell.  If you only have a binary license, get rid of setuid files beginning
with "#!".  Carefully redo what they do in a real execed program watching
out for pitfalls.  How about a little software design methodology here?
Of course, with truly execed (non-#!) programs you have no recourse other than
to beat on the people you got your UNIX from if they do dumb things in
setuid programs.

-Ron
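
The following is an added example, not part of the original post: a POSIX shell function for locating the files the post says to get rid of, that is, set-uid or set-gid regular files whose first two bytes are "#!". The function name `audit_suid_scripts` and the tab-separated output format are assumptions made for this illustration.

```shell
# audit_suid_scripts DIR
# Walk DIR (default /) and print one tab-separated line per set-uid or
# set-gid regular file that starts with the "#!" magic number:
#   <ls mode string> <path> <interpreter line after "#!">
audit_suid_scripts() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec sh -c '
            for f do
                # Read only the first two bytes, the way the kernel checks
                # the magic number; strip NULs so binaries do not confuse sh.
                magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d "\000")
                [ "$magic" = "#!" ] || continue
                # The rest of the first line names the program that is
                # actually exec-ed, and to which the set-id bits apply.
                interp=$(head -n 1 "$f" | tr -d "\000" |
                         sed "s/^#![[:space:]]*//")
                mode=$(ls -ld "$f" | cut -d" " -f1)
                printf "%s\t%s\t%s\n" "$mode" "$f" "$interp"
            done
        ' sh {} + 2>/dev/null
}

# Typical use (run with enough privilege to read the tree being audited):
#   audit_suid_scripts /usr
```

Each hit is a candidate for removal or for reimplementation as a compiled program, as the post recommends.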