Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!henry
From: henry@utzoo.UUCP (Henry Spencer)
Newsgroups: net.unix
Subject: Re: 2 shell questions before the new year
Message-ID: <4894@utzoo.UUCP>
Date: Wed, 9-Jan-85 12:59:30 EST
Article-I.D.: utzoo.4894
Posted: Wed Jan  9 12:59:30 1985
Date-Received: Wed, 9-Jan-85 12:59:30 EST
References: <6820@brl-tgr.ARPA>, <240@mtxinu.UUCP>
Organization: U of Toronto Zoology
Lines: 13

> The advantages of directly-execable scripts are two-fold.  ...
> ...  Second, the set-uid and set-gid bits
> are honored.  Voila!  Set-uid shell scripts!

Of course, as we all (should) know, setuid shell scripts are terminally
insecure.  The shell is just too complex, and there are too many ways
to subvert it into doing things that the author of a (setuid) shell
script did not intend.  There are things that will help, like being
careful to standardize PATH and having your shell refuse to import a
non-standard value of IFS, but those aren't the only problems.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,linus,decvax}!utzoo!henry