I know I shouldn't reply to the list, but I believe this is important
for everyone who read the original message.
On Tue, Mar 24 1992 Bryan Emery wrote:
> From: simon%gpsemi.COM (Simon Booth x8125 System Mangler ! - Unix)
[stuff deleted]
> The mount script ( Call it for eg mountfd ) :
[stuff deleted]
> #! /bin/csh -b
> #
> # Set UID root script
[stuff deleted]
> (The -b is important in the first line )
[stuff deleted]
> The unmount script ( eg umountfd )
>
> #! /bin/csh -b
> #
> # Set UID root script
[stuff deleted]
Do not install these scripts. There is an inherent security risk in
setuid shell scripts, whether they be for sh or for csh or for any
other interpreter. Given a setuid script it is trivial to become root
(if you know how) and there is nothing you can do to prevent that.
Make a C program instead that does what the script is supposed to do.
Sjoerd Mullender
CWI, dept. CST, Kruislaan 413, 1098 SJ Amsterdam, Netherlands
email: Sjoerd.Mullender@cwi.nl fax: +31 20 592 4199
phone: +31 20 592 4127 telex: 12571 mactr nl
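
The advice above ("make a C program instead"), as an added example that is not part of the original message or of either poster's code: one setuid-root wrapper, installed under both names, that runs a hard-coded command with a fixed environment and no shell. The device, mount point and binary paths are assumptions, since the original scripts' contents were deleted from the quote.

```c
/* Added example: setuid-root wrapper standing in for mountfd/umountfd.
 * DEVICE, MOUNTPOINT and the /sbin paths are assumptions, not from the post. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DEVICE     "/dev/fd0"     /* assumed floppy device */
#define MOUNTPOINT "/mnt/floppy"  /* assumed mount point */

/* Fixed environment: nothing is inherited from the caller (PATH, IFS, LD_*). */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/bin", "IFS= \t\n", NULL };

/* Select a hard-coded command from the name the wrapper was invoked as.
 * The caller's string only chooses between two fixed argument vectors;
 * it is never copied into them. Returns 0 on success, -1 otherwise. */
int build_command(const char *invoked_as, const char **path, const char *args[4])
{
    const char *base = strrchr(invoked_as, '/');
    base = base ? base + 1 : invoked_as;

    if (strcmp(base, "mountfd") == 0) {
        *path = "/sbin/mount";
        args[0] = "mount"; args[1] = DEVICE; args[2] = MOUNTPOINT; args[3] = NULL;
    } else if (strcmp(base, "umountfd") == 0) {
        *path = "/sbin/umount";
        args[0] = "umount"; args[1] = MOUNTPOINT; args[2] = NULL; args[3] = NULL;
    } else {
        return -1;
    }
    return 0;
}

int main(int argc, char *argv[])
{
    const char *path, *args[4];

    if (argc != 1 || build_command(argv[0], &path, args) != 0) {
        fprintf(stderr, "usage: mountfd | umountfd (no arguments)\n");
        return 2;
    }
    /* Set real uid to root too, so mount sees no real/effective mismatch. */
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    /* execve runs the binary directly: no shell, no PATH search. */
    execve(path, (char *const *)args, clean_env);
    perror("execve");
    return 1;
}
```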