Re: hard links create local DoS vulnerability and security proble

["H. Peter Anvin" <hpa@zytor.com>]

Followup to:  <xltptfhd0wk.fsf@shookay.newview.com>
By author:    Mathieu Chouquet-Stringer <mathieu@newview.com>
In newsgroup: linux.dev.kernel
> 
> It's always been my understanding that you cannot have suid shell script
> because you could easily change the IFS. Am i wrong? (
> 

Well, sort of.

You can't have a setuid shell script using #!/bin/bash because
/bin/bash doesn't support it.

You *can* have a setuid Perl script using #!/usr/bin/perl because Perl
knows how to run setuid safely.

It's up to the script interpreter (if it is setuid or has an setuid
wrapper available -- Perl does it the latter way) to decide to honour
the setuid bit on a script.

If you really want to use a setuid script, you can create
a setuid /usr/bin/setuidbash which would do whatever sanitization you
felt was appropriate, and then exec bash with the appropriate
permissions.  Then put #!/usr/bin/setuidbash in your scripts.

	-hpa


-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
If you send me mail in HTML format I will assume it's spam.
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64