[201] in bugtraq
Re: Setuid programs run from shell scripts?
daemon@ATHENA.MIT.EDU (Fred Blonder)
Thu Nov 17 13:43:52 1994
Date: Thu, 17 Nov 1994 11:11:17 -0500
From: fred@nasirc.hq.nasa.gov (Fred Blonder)
To: karl@bagpuss.demon.co.uk, proff@suburbia.apana.org.au
Cc: Quentin.Fennessy@sematech.org, fred@nasirc.hq.nasa.gov,
mcn@c3serve.c3.lanl.gov, bugtraq@fc.net
From: Julian Assange <proff@suburbia.apana.org.au>
.
.
.
Of course, to make things really interesting, we could have n files,
comprised of n-1 setuid/setgid scripts and 1 setuid/setgid binary, with
each script calling the next as its #! argument and the last calling the
binary. ;-)
The '#!' exec-hack does not work recursively. I just tried it under SunOs 4.1.3
It generated no diagnostics and exited with status 0, but it also didn't execute
the target binary.
I suppose that fact that it didn't barf with an ENOEXEC or similar error
qualifies as a bug.
