Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1994: Re: setuid scripts in SunOS 4.1.x

Re: setuid scripts in SunOS 4.1.x

John Hawkinson (jhawkpanix.com)
Mon, 26 Sep 1994 16:17:15 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Fred Blonder: "Re: setuid scripts in SunOS 4.1.x"
Previous message: *Hobbit*: "Re: setuid scripts in SunOS 4.1.x"
In reply to: Fred Blonder: "Re: setuid scripts in SunOS 4.1.x"
Next in thread: Harold van Aalderen: "Re: setuid scripts in SunOS 4.1.x"

me:
> 	The "correct" thing to do is to patch kern_exec.c (kern_exec.o).

> Ummm, then how's it going to cope with set-uid perl scripts, which ARE
> rumored to be secure?  You could have a table of 'ok shell
> interpreters' in the kernel, but that would be extremely ugly.

Perl implements a solution. It has a program called suidperl, which
emulates setuid scripts when they are disabled, thus allowing setuid
perl scripts.

> Since the problem is in /bin/sh, that is where it should be solved, or
> at least avoided.  If you across-the-board disable all set-uid shell
> interpreters, that will infuriate the few who do it right, and remove
> any motivation for others to do it correctly.

And what software other than perl implements setuid scripts in a
secure manner?

--
John Hawkinson
jhawkpanix.com

Next message: Fred Blonder: "Re: setuid scripts in SunOS 4.1.x"
Previous message: *Hobbit*: "Re: setuid scripts in SunOS 4.1.x"
In reply to: Fred Blonder: "Re: setuid scripts in SunOS 4.1.x"
Next in thread: Harold van Aalderen: "Re: setuid scripts in SunOS 4.1.x"