Path: utzoo!dciem!nrcaer!scs!spl1!laidbak!att!ihnp4!ucbvax!bostic
From: bostic@ucbvax.BERKELEY.EDU (Keith Bostic)
Newsgroups: comp.unix.wizards
Subject: Re: setuid shell scripts
Message-ID: <24479@ucbvax.BERKELEY.EDU>
Date: 1 Jun 88 21:08:48 GMT
Article-I.D.: ucbvax.24479
References: <19045@watmath.waterloo.edu>
Organization: University of California at Berkeley
Lines: 23

In article <19045@watmath.waterloo.edu>, gamiddleton@watmath.waterloo.edu (Guy Middleton) writes:
> The following recently showed up in comp.bugs.4bsd.ucb-fixes:
>
> From: bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic)
> Subject: setuid/setgid shell scripts are a security risk
> Index: sys/kern_exec.c 4.3BSD
>
> This seems unnecessarily drastic action. We know what the problems with
> setuid shell scripts are; there is a simple kernel change to fix them (or
> at least, it fixes the problems we are aware of). Why not fix the problem,
> instead of removing a useful feature from the system?

The kernel fix that you (and other people) are proposing does not fix this
particular problem.

--keith