From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id aae40b0c for ; Sun, 4 Aug 2019 07:44:17 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 176E69BAFB; Sun, 4 Aug 2019 17:44:16 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id BA9DE9B84E; Sun, 4 Aug 2019 17:44:03 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="kqxcEYkg"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 4FF5A9B84E; Sun, 4 Aug 2019 17:44:02 +1000 (AEST) Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) by minnie.tuhs.org (Postfix) with ESMTPS id B056F948F2 for ; Sun, 4 Aug 2019 17:44:01 +1000 (AEST) Received: by mail-yb1-f179.google.com with SMTP id e11so1831541ybq.9 for ; Sun, 04 Aug 2019 00:44:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y2+iOBqWiMAoa0GQH4EdriJTNx9C3FgbW4vWcaLSCL0=; b=kqxcEYkgDAAgx9eEuCbJT9gdj1EvVyrmHeGhWWv+YXGx7u+x0HVfiwUL8SViK10jYK gYigiR7LMxn01vsLrBRtpiv4pubXTzetAnwAQL8McIFMUYCz7phl323Pxn42gNQfRKPF 8IA1bbGFfJ9sW+7/oxfewczvfCLVdrcCJpeuZ6m6nNWZPB6CnQac8DVbcGJWvtmlGHaE P1vPGbQ/w347AgPvs6MU4JZOxk3e04YGy9wydExp1Qlc+zMi08IQAgDfank3Z5NQL80k S1N05bKYZLnlH7x/cY9pYvdw6ZGwecYJel9bQnBGRFudeCJj4Q4XWjTok2FtyImZWuLh /G+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y2+iOBqWiMAoa0GQH4EdriJTNx9C3FgbW4vWcaLSCL0=; b=Np1lR2dyJG+xOsiawpEUhFrMKkKHa8fXx+rplf5PM0HLxyiAX8pD4YWMuHWeDqbheq iWaHG9K16MQPEJRFl72FeXtDwpzyvzk56zLfuLyuZpdO0aJQVcoVsBK+Cm9UmKJMaoOn TVPTGLAxXhGj2dkFpiyfKMAl1LuRmjACtVKipxSEXoo9a3Ey/iwWRNzdYxyknt1lSbzF I6zKel/NXxDYboORnasIhyQ236lDrdZDvCUgXEaZKI1KZVJhaco0xKCZzF8TFTmBhoID RbLb6GfaozCLmAu9FH5P3dutLsDTNwabCPMIGU5iOhmyXj9IoJFXkfndijQDMMPf15Kk Oydg== X-Gm-Message-State: APjAAAVs+JHMCJp2brrpQ/ctzunGqGgZIPV3gSogz8+Bkiiwto62OnjQ qI5NNeYyJaYeXyEeU82qygoIcziv1zh7elK6PlFSrfI8 X-Google-Smtp-Source: APXvYqw3Y+qAOeTOKwsgz5v1YQazvVTy0oD9pRZMz62G6TbnVvet4yg0TZINldprD13d4C16mB8XsNWhJUqmuV2d/2o= X-Received: by 2002:a25:7714:: with SMTP id s20mr60879744ybc.25.1564904640772; Sun, 04 Aug 2019 00:44:00 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Alec Muffett Date: Sun, 4 Aug 2019 08:43:24 +0100 Message-ID: To: Dave Horsfall Content-Type: multipart/alternative; boundary="000000000000387ca3058f45c1bf" Subject: Re: [TUHS] Set-uid shell scripts X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: The Eunuchs Hysterical Society Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --000000000000387ca3058f45c1bf Content-Type: text/plain; charset="UTF-8" On Sun, 4 Aug 2019 at 08:37, Dave Horsfall wrote: > Is it just me, or did someone actually implement set-uid scripts? Yes, they were a thing for a while, until someone realised that you could do: ln -s /bin/scriptname ./-i "-i" # assuming that "." is already in your path ...and get a root shell. Source: I did this on (ISTR) 4.1 or 4.2BSD. -a -- http://dropsafe.crypticide.com/aboutalecm --000000000000387ca3058f45c1bf Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sun, 4 Aug 2019 at 08:37, Dave Horsfal= l <dave@horsfall.org> wrote:=
Is it just me, or did= someone actually implement set-uid scripts?

Yes, they were a thing for a while, until someone realised that you could= do:

ln -s /bin/scriptname ./-i
"-i= " # assuming that "." is already in your path

=
...and get a root shell.=C2=A0 Source: I did this on (ISTR) 4.1 = or 4.2BSD.

=C2=A0 =C2=A0 -a

--
--000000000000387ca3058f45c1bf--