in bugtraq
Re: Setuid programs run from shell scripts?
daemon@ATHENA.MIT.EDU (Julian Assange)
Thu Nov 17 15:15:17 1994
Date: Fri, 18 Nov 1994 03:59:19 +0100
From: Julian Assange <firstname.lastname@example.org>
To: Fred Blonder <email@example.com>
Cc: firstname.lastname@example.org, Quentin.Fennessy@sematech.org,
email@example.com, firstname.lastname@example.org, email@example.com
On Thu, 17 Nov 1994, Fred Blonder wrote:
> From: Julian Assange <firstname.lastname@example.org>
> Of course, to make things really interesting, we could have n files,
> comprised of n-1 setuid/setgid scripts and 1 setuid/setgid binary, with
> each script calling the next as its #! argument and the last calling the
> binary. ;-)
> The '#!' exec-hack does not work recursively. I just tried it under SunOS 4.1.3.
> It generated no diagnostics and exited with status 0, but it also didn't execute
> the target binary.
main(int c, char **v)
sprintf(s, "f%d", n);
fprintf(fh, "#!f%d", n+1);
Does under Linux (300 deep at least). However, Linux doesn't permit suid
scripts in any event. Other platforms I have not as yet tested.
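
An audit sketch for the situation discussed in this thread, added here as an example and not part of the original message: it walks a directory tree, finds setuid/setgid regular files whose first line is '#!', and follows each interpreter chain to report its depth or a loop. The names shebang_target, interpreter_chain, audit and MAX_HOPS are assumptions of this example, as is resolving relative interpreter names against the script's own directory.

```python
import os
import stat

MAX_HOPS = 512  # audit cut-off chosen for this example, not a kernel limit

def shebang_target(path):
    """Return the interpreter named on a '#!' first line, or None."""
    try:
        with open(path, "rb") as fh:
            first = fh.readline(256)
    except OSError:
        return None
    if not first.startswith(b"#!"):
        return None
    fields = first[2:].split()
    return os.fsdecode(fields[0]) if fields else None

def interpreter_chain(path):
    """Follow '#!' lines starting at path; return (files visited, loop?)."""
    chain, seen = [path], {os.path.realpath(path)}
    while len(chain) <= MAX_HOPS:
        target = shebang_target(chain[-1])
        if target is None:
            return chain, False
        # Assumption: relative names resolve against the script's directory.
        nxt = os.path.normpath(os.path.join(os.path.dirname(chain[-1]), target))
        if os.path.realpath(nxt) in seen:
            return chain, True
        seen.add(os.path.realpath(nxt))
        chain.append(nxt)
    return chain, False

def audit(root):
    """List setuid/setgid files under root that start with '#!'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            chain, loop = interpreter_chain(path)
            if len(chain) > 1 or loop:
                findings.append((path, len(chain) - 1, loop))
    return findings
```

Each finding is (path, number of interpreter hops, loop flag); a setuid binary with no '#!' line is not reported.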