From owner-freebsd-security Mon Oct 30 19: 1: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 7FD5937B4CF; Mon, 30 Oct 2000 19:01:07 -0800 (PST)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1998 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Mon, 30 Oct 2000 20:59:33 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25)
Date: Mon, 30 Oct 2000 20:59:32 -0600 (CST)
From: James Wyatt
To: Kris Kennaway
Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG
Subject: Re: tcsh: unsafe tempfile in << redirects (fwd)
In-Reply-To: <20001030173258.B15245@citusc17.usc.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID:
Content-Disposition: INLINE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 30 Oct 2000, Kris Kennaway wrote:

> On Mon, Oct 30, 2000 at 06:59:12PM -0600, James Wyatt wrote:
> > On Mon, 30 Oct 2000, Kris Kennaway wrote:
> > > On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Systems Group wrote:
> > > > Our tcsh appears vulnerable. So is the 44bsd-csh port.
> > >
> > > Yep, stupid braindead $*&^*# shells...
> >
> > Was that comment *really* necessary? I use bash myself, but have enough
> > users using tcsh (and ksh, etc) that I care about them too. Of course,
> > some folks consider Emacs their shell... Most are just glad to have
> > something besides command.com to work with. (^_^)
>
> I don't care about features of the shell, I care about braindead
> coding practises like thinking you don't have to worry that your
> filename is predictable and is created insecurely.

I can see your (and David G. Andersen's) point about this and agree.
(Your answers to my response were much clearer than the original comment.)
This also argues against allowing suid shell scripts anywhere. Are there
any shells that are audited for correctness or security? (does sh qualify?)
Is using Perl for system scripts really more secure than shell scripts?

- Jy@

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
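The "predictable filename, created insecurely" pattern Kris Kennaway objects to above is the classic /tmp symlink race: a shell spools a `<<` here-document into a name built from its pid, and anyone who can guess that name can plant a symlink there first. The following C program is an added illustration, not code from tcsh, 44bsd-csh or anyone in this thread. It stages the race inside a private scratch directory (so it runs as one user and is not affected by Linux's fs.protected_symlinks, which blocks cross-owner symlink following in sticky directories such as the real /tmp), then shows the insecure open being tricked into truncating a victim file, an O_EXCL open refusing the same planted symlink, and mkstemp() producing a fresh file under a name the attacker could not have guessed. The function and file names are the example's own.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* The pattern the thread complains about: a temp name derived from the pid
   (trivial to guess), opened with O_CREAT but without O_EXCL, so whatever an
   attacker already placed at that path (here, a symlink to a victim file)
   is followed and truncated. */
static int insecure_tmp_open(const char *dir, pid_t pid, char *out, size_t outlen)
{
    snprintf(out, outlen, "%s/sh%d", dir, (int)pid);
    return open(out, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* The fix: mkstemp() replaces XXXXXX with an unpredictable suffix and opens
   with O_CREAT|O_EXCL, which refuses any pre-existing path, symlinks included. */
static int secure_tmp_open(const char *dir, char *out, size_t outlen)
{
    snprintf(out, outlen, "%s/sh.XXXXXX", dir);
    return mkstemp(out);
}

static int write_string(const char *path, const char *s)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(s, f);
    return fclose(f);
}

static long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Stage the race in a private scratch directory (constructed for the demo).
   Returns a bitmask: bit 0 = the insecure open truncated the victim through
   the planted symlink; bit 1 = an O_EXCL open at the same path failed with
   EEXIST; bit 2 = mkstemp produced a fresh, empty file under another name.
   Returns -1 on setup failure. */
int run_symlink_demo(void)
{
    char dir[] = "/tmp/heredoc-demo.XXXXXX";
    char victim[256], planted[256], fresh[256], used[256];
    int result = 0, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (write_string(victim, "important contents\n") != 0) return -1;

    /* Attacker: guess the name the shell will use and plant a symlink there. */
    snprintf(planted, sizeof planted, "%s/sh%d", dir, (int)getpid());
    if (symlink(victim, planted) != 0) return -1;

    /* Victim, insecure: open() follows the symlink and O_TRUNC empties the file. */
    fd = insecure_tmp_open(dir, getpid(), used, sizeof used);
    if (fd >= 0) close(fd);
    if (file_size(victim) == 0) result |= 1;

    /* Same path with O_EXCL: POSIX requires failure when the name exists,
       even when it is a symlink, so the planted link is never followed. */
    fd = open(planted, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 && errno == EEXIST) result |= 2;
    else if (fd >= 0) close(fd);

    /* mkstemp: unguessable name plus O_EXCL, yielding a private empty file. */
    fd = secure_tmp_open(dir, fresh, sizeof fresh);
    if (fd >= 0 && strcmp(fresh, planted) != 0 && file_size(fresh) == 0) result |= 4;
    if (fd >= 0) close(fd);

    unlink(fresh); unlink(planted); unlink(victim); rmdir(dir);
    return result;
}

int main(void)
{
    int r = run_symlink_demo();
    printf("insecure open clobbered victim:    %s\n", (r & 1) ? "yes" : "no");
    printf("O_EXCL refused planted symlink:    %s\n", (r & 2) ? "yes" : "no");
    printf("mkstemp made a fresh private file: %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

The first check is the bug class from the Subject line in miniature: nothing about the shell is exotic, the name was simply guessable and the open did not insist on creating a new file. The same two properties (unpredictable name, O_EXCL creation) are what a reviewer should look for in any program that writes to a shared directory, whether it is written in C, Perl or shell.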