Bugtraq mailing list archives
Re: setuid scripts in SunOS 4.1.x
From: fred () nasirc hq nasa gov (Fred Blonder)
Date: Mon, 26 Sep 1994 16:12:32 -0400
From: John Hawkinson <jhawk () panix com> . . . The "correct" thing to do is to patch kern_exec.c (kern_exec.o). . . . Ummm, then how's it going to cope with set-uid perl scripts, which ARE rumored to be secure? You could have a table of 'ok shell interpreters' in the kernel, but that would be extremely ugly. Since the problem is in /bin/sh, that is where it should be solved, or at least avoided. If you across-the-board disable all set-uid shell interpreters, that will infuriate the few who do it right, and remove any motivation for others to do it correctly. ----- Fred Blonder fred () nasirc hq nasa gov Hughes STX Corp. (301) 441-4079 7701 Greenbelt Rd. Greenbelt, Md. 20770
Current thread:
- Re: setuid scripts in SunOS 4.1.x Richard Huddleston (Sep 21)
- <Possible follow-ups>
- Re: setuid scripts in SunOS 4.1.x Peter Jeremy (Sep 22)
- Re: setuid scripts in SunOS 4.1.x Colin Campbell (Sep 23)
- Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 22)
- Re: setuid scripts in SunOS 4.1.x Karl Strickland (Sep 24)
- Re: setuid scripts in SunOS 4.1.x Fred Blonder (Sep 26)
- Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 26)
- Re: setuid scripts in SunOS 4.1.x Harold van Aalderen (Sep 27)
- Re: setuid scripts in SunOS 4.1.x Rafi Sadowsky (Sep 27)
- Re: setuid scripts in SunOS 4.1.x Paul O'Donnell (Sep 27)
- Re: setuid scripts in SunOS 4.1.x Fred Blonder (Sep 27)
- Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 27)
- Re: setuid scripts in SunOS 4.1.x Valdis.Kletnieks () vt edu (Apr 17)
- Re: setuid scripts in SunOS 4.1.x jmc () gnu ai mit edu (Sep 28)
- request Michel JACQUOT (Sep 29)
- Re: setuid scripts in SunOS 4.1.x Fred Blonder (Sep 28)
- Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 22)