From owner-freebsd-hackers Mon Feb 24 23:56:36 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA07147 for hackers-outgoing; Mon, 24 Feb 1997 23:56:36 -0800 (PST) Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id XAA06769; Mon, 24 Feb 1997 23:53:41 -0800 (PST) Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id IAA12829; Tue, 25 Feb 1997 08:53:32 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.8.5/8.8.5) id IAA04815; Tue, 25 Feb 1997 08:33:15 +0100 (MET) Message-ID: Date: Tue, 25 Feb 1997 08:33:14 +0100 From: j@uriah.heep.sax.de (J Wunsch) To: hackers@freebsd.org Cc: jehamby@lightside.com (Jake Hamby), abelits@phobos.illtel.denver.co.us, angio@aros.net, auditors@freebsd.org Subject: Re: disallow setuid root shells? References: <199702250415.MAA23422@spinner.DIALix.COM> X-Mailer: Mutt 0.55-PL10 Mime-Version: 1.0 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: <199702250415.MAA23422@spinner.DIALix.COM>; from Peter Wemm on Feb 25, 1997 12:15:42 +0800 Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk As Peter Wemm wrote: > ksh doesn't require -p to be specified, it detects uid != euid and turns > it on automatically. It has the same effect as -p in /bin/sh. In ksh > however, you can turn off the 'p' option and ksh will revoke it's setuid > right then. Just for the records: our /bin/sh does the same. > All that's required then for a reasonably secure script is explicitly > setting IFS on the first line of the script, and extreme caution. Ah, having seen so numerous complaints from suidperl about tainted variables, i wouldn't ever in the world try to write a suid shell script. :-) -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)