Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83 (MC840302); site log-hb.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!zehntel!hplabs!hao!seismo!mcvax!enea!log-hb!hans
From: hans@log-hb.UUCP (Hans Albertsson)
Newsgroups: net.unix
Subject: Re: 2 shell questions before the new year
Message-ID: <229@log-hb.UUCP>
Date: Sun, 13-Jan-85 14:45:53 EST
Article-I.D.: log-hb.229
Posted: Sun Jan 13 14:45:53 1985
Date-Received: Wed, 16-Jan-85 21:16:25 EST
References: <6820@brl-tgr.ARPA> <240@mtxinu.UUCP> <405@mcvax.UUCP> <7173@brl-tgr.ARPA>
Reply-To: hans@log-hb.UUCP (Hans Albertsson)
Organization: TeleLOGIC Nynäshamn SWEDEN
Lines: 23
Summary:

In article <7173@brl-tgr.ARPA> gwyn@brl-tgr.ARPA (Doug Gwyn) writes:
>> Unless you've fixed your kernel, if you have setuid shell scripts you
>> have a security hole. Don't send me mail asking what it is.
>
>One should be careful for ANY security-related code to check for
>loopholes. This means, in C code, argc == 0, PATH=funny_places,
>signals in critical places, fd 0, 1, and/or 2 not opened, etc.
>For shell scripts, one should ALWAYS set PATH=wherever and if
>security-critical set IFS=standard_whitespace and catch traps.

Well, do all of that, and still do NOT use any set-uid shell scripts.
I had the bug demonstrated privately, and believe me, you should NOT
permit setuid shell scripts. Ever. Period. No amount of defensive
programming helps.

A fix may or may not be available at a later date, they tell me.
I have NO idea how that will be distributed, if ever. Or by whom.

I've got it, I think ( hope? ), but won't spill.
--
Hans Albertsson, USENET/uucp: {decvax,philabs}!mcvax!enea!log-hb!hans
Real World: TeleLOGIC AB, Box 1001, S-14901 Nynashamn,SWEDEN
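The defensive steps Gwyn lists in the quoted text (a fixed PATH, IFS reset to standard whitespace, signal traps, and a check that file descriptors 0, 1 and 2 are open), written out as an added example; this is not code from the original post, and the function names are my own. The post's conclusion stands: these checks are worth having in any script that runs with privilege, for instance one invoked through sudo or from cron, but they do not make a setuid shell script safe.

```sh
#!/bin/sh
# Added example (not from the original post): the defensive preamble for a
# privileged shell script, split into functions so each check can be
# exercised on its own.

# Fix PATH to known system directories so a caller-supplied PATH cannot
# substitute a different binary for any command the script runs.
harden_path() {
    PATH=/bin:/usr/bin
    export PATH
}

# Reset IFS to exactly space, tab, newline. A caller-supplied IFS changes how
# unquoted expansions are split, turning one word into several. The trailing
# "x" stops command substitution from stripping the final newline.
harden_ifs() {
    IFS=$(printf ' \t\nx')
    IFS=${IFS%x}
}

# Ignore the signals a caller could send to interrupt the script between
# privileged steps, e.g. after a temporary file is created but before it
# is removed.
harden_traps() {
    trap '' HUP INT QUIT TERM
}

# Verify that file descriptors 0, 1 and 2 are open by duplicating each onto
# fd 3 inside a subshell; the dup fails if the descriptor is closed. A
# privileged program started with one of these closed may open a sensitive
# file onto that number and then read from or write to it by accident.
# Returns 0 if all three are open, 1 otherwise. The fd 2 probe is not
# silenced on purpose: redirecting stderr first would reopen it and defeat
# the check, and a closed fd 2 drops the error message anyway.
check_std_fds() {
    ( : 3<&0 ) 2>/dev/null || return 1
    ( : 3>&1 ) 2>/dev/null || return 1
    ( : 3>&2 ) || return 1
    return 0
}

# Refuse to run with a tampered environment; otherwise apply all hardening
# in the current shell. Returns 1 with a reason on stderr, 0 on success.
harden_or_refuse() {
    if ! check_std_fds; then
        echo "refusing to run: fd 0, 1 or 2 is closed" >&2
        return 1
    fi
    harden_path
    harden_ifs
    harden_traps
    return 0
}
```

Call harden_or_refuse as the first statement of the script, before any command that depends on PATH or on word splitting; everything after it then runs with a known PATH, standard IFS, and the interrupting signals ignored.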