Date: Thu, 13 Mar 1997 17:00:02 -0800 (PST) From: Marc Slemko <marcs@znep.com> To: freebsd-bugs Subject: Re: docs/2978: "man 5 passwd" suggests use of a shell script for (INSECURE) messaging Message-ID: <199703140100.RAA01945@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/2978; it has been noted by GNATS. From: Marc Slemko <marcs@znep.com> To: J Wunsch <j@uriah.heep.sax.de> Cc: freebsd-gnats-submit@freebsd.org Subject: Re: docs/2978: "man 5 passwd" suggests use of a shell script for (INSECURE) messaging Date: Thu, 13 Mar 1997 17:55:10 -0700 (MST) On Thu, 13 Mar 1997, J Wunsch wrote: > The following reply was made to PR docs/2978; it has been noted by GNATS. > > The only known security exploit per se (i.e., apart from stupidity of > the shellscript writer) for an interpreted executable shellscript by > now was to spam the script with $ENV (e.g. by importing it from a > telnet session), for example abusing /etc/shells. This hole has been > plugged by cloning the -p option from the Korn shell, thus causing the > script to ignore $ENV entirely. The problem is that when you say "shell script" most people don't think "/bin/sh script with -p" and most people don't recognize the potential vulnerability. I think it would be a reasonable to include a warning. Something like the below, although I don't have the time right now to word it nicely and my *roff is a bit rusty... Index: passwd.5 =================================================================== RCS file: /usr/cvs/src/share/man/man5/passwd.5,v retrieving revision 1.11 diff -c -r1.11 passwd.5 *** passwd.5 1997/02/22 13:26:05 1.11 --- passwd.5 1997/03/14 00:48:00 *************** *** 290,296 **** .Pa /usr/local/bin/go_away can be a short shell script or program that prints a message telling the user that he is not allowed access ! to the system. This technique is sometimes useful when it is desirable to have the system be able to recognize all users in a particular NIS domain without necessarily granting them login access. .Pp --- 290,302 ---- .Pa /usr/local/bin/go_away can be a short shell script or program that prints a message telling the user that he is not allowed access ! to the system. If you use a shell script be sure to use the ! .Pa -p ! option to ! .Pa /bin/sh ! (see ! .Xr sh 1 ! for details). This technique is sometimes useful when it is desirable to have the system be able to recognize all users in a particular NIS domain without necessarily granting them login access. .Pp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703140100.RAA01945>