Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83 (MC840302); site log-hb.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!zehntel!hplabs!hao!seismo!mcvax!enea!log-hb!hans
From: hans@log-hb.UUCP (Hans Albertsson)
Newsgroups: net.unix
Subject: Re: 2 shell questions before the new year
Message-ID: <229@log-hb.UUCP>
Date: Sun, 13-Jan-85 14:45:53 EST
Article-I.D.: log-hb.229
Posted: Sun Jan 13 14:45:53 1985
Date-Received: Wed, 16-Jan-85 21:16:25 EST
References: <6820@brl-tgr.ARPA> <240@mtxinu.UUCP> <405@mcvax.UUCP> <7173@brl-tgr.ARPA>
Reply-To: hans@log-hb.UUCP (Hans Albertsson)
Organization: TeleLOGIC Nynäshamn SWEDEN
Lines: 23
Summary: 

In article <7173@brl-tgr.ARPA> gwyn@brl-tgr.ARPA (Doug Gwyn ) writes:
>> Unless you've fixed your kernel, if you have setuid shell scripts you
>> have a security hole. Don't send me mail asking what it is.
>
>One should be careful for ANY security-related code to check for
>loopholes.  This means, in C code, argc == 0, PATH=funny_places,
>signals in critical places, fd 0, 1, and/or 2 not opened, etc.
>For shell scripts, one should ALWAYS set PATH=wherever and if
>security-critical set IFS=standard_whitespace and catch traps.
Well, do all of that, and still do NOT use any set-uid shell scripts.
I had the bug demonstrated privately, and believe me, you should NOT
permit setuid shell scripts. Ever. Period.
No amount of defensive programming helps.

A fix may or may not be available at a later date, they tell me.
I have NO idea how that will be distributed, if ever.
Or by whom.
I've got it, I think ( hope? ), but won't spill.
-- 
Hans Albertsson, USENET/uucp: {decvax,philabs}!mcvax!enea!log-hb!hans
Real World:  TeleLOGIC AB, Box 1001, S-14901 Nynashamn, SWEDEN