From owner-freebsd-bugs Thu Mar 13 17:00:06 1997
Return-Path:
Received: (from root@localhost)
    by freefall.freebsd.org (8.8.5/8.8.5) id RAA01971
    for bugs-outgoing; Thu, 13 Mar 1997 17:00:06 -0800 (PST)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.8.5/8.8.5) id RAA01945;
    Thu, 13 Mar 1997 17:00:02 -0800 (PST)
Date: Thu, 13 Mar 1997 17:00:02 -0800 (PST)
Message-Id: <199703140100.RAA01945@freefall.freebsd.org>
To: freebsd-bugs
Cc:
From: Marc Slemko
Subject: Re: docs/2978: "man 5 passwd" suggests use of a shell script for (INSECURE) messaging
Reply-To: Marc Slemko
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR docs/2978; it has been noted by GNATS.

From: Marc Slemko
To: J Wunsch
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: docs/2978: "man 5 passwd" suggests use of a shell script for (INSECURE) messaging
Date: Thu, 13 Mar 1997 17:55:10 -0700 (MST)

On Thu, 13 Mar 1997, J Wunsch wrote:

> The following reply was made to PR docs/2978; it has been noted by GNATS.
>
> The only known security exploit per se (i.e., apart from stupidity of
> the shellscript writer) for an interpreted executable shellscript by
> now was to spam the script with $ENV (e.g. by importing it from a
> telnet session), for example abusing /etc/shells. This hole has been
> plugged by cloning the -p option from the Korn shell, thus causing the
> script to ignore $ENV entirely.

The problem is that when you say "shell script" most people don't think
"/bin/sh script with -p" and most people don't recognize the potential
vulnerability.

I think it would be reasonable to include a warning. Something like
the below, although I don't have the time right now to word it nicely and
my *roff is a bit rusty...

Index: passwd.5 =================================================================== RCS file: /usr/cvs/src/share/man/man5/passwd.5,v retrieving revision 1.11 diff -c -r1.11 passwd.5 *** passwd.5 1997/02/22 13:26:05 1.11 --- passwd.5 1997/03/14 00:48:00 *************** *** 290,296 **** .Pa /usr/local/bin/go_away can be a short shell script or program that prints a message telling the user that he is not allowed access ! to the system. This technique is sometimes useful when it is desirable to have the system be able to recognize all users in a particular NIS domain without necessarily granting them login access. .Pp --- 290,302 ---- .Pa /usr/local/bin/go_away can be a short shell script or program that prints a message telling the user that he is not allowed access ! to the system. If you use a shell script be sure to use the ! .Pa -p ! option to ! .Pa /bin/sh ! (see ! .Xr sh 1 ! for details). This technique is sometimes useful when it is desirable to have the system be able to recognize all users in a particular NIS domain without necessarily granting them login access. .Pp
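
Review bot: The added lines mark the option up as ".Pa -p", but .Pa is the pathname macro; a command-line flag should be written ".Fl p" so it renders as an option rather than as a file name. The new sentence also tells the reader to use -p without saying what it protects against. A short clause stating that -p makes /bin/sh ignore $ENV, and showing where the option goes in the script, would let an administrator see why a plain shell script is unsafe as a login shell and check that an existing go_away script is covered.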