[TUHS] Set-uid shell scripts

ron minnich rminnich at gmail.com
Wed Aug 7 08:56:17 AEST 2019


This brought to mind this old discussion:
https://www.tuhs.org/Usenet/comp.unix.wizards/1988-November/023460.html

On Tue, Aug 6, 2019 at 3:49 PM Dave Horsfall <dave at horsfall.org> wrote:
>
> On Tue, 6 Aug 2019, jason-tuhs at shalott.net wrote:
>
> [ Replacing a temporary set-uid file ]
>
> > This was always described to me as the canonical reason why setuid
> > interpreted scripts were a security hole, irrespective of any specifics
> > in the shell or other interpreter.
>
> It's a problem for any temporary files in a world-writable directory,
> hence the extensions to directory permissions e.g. /tmp and /var/tmp...
>
> Amusingly enough, the Mac works around this by symlinking /tmp to
> private/tmp i.e. you get your own /tmp...
>
> -- Dave

