[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: VI wrapper for SUDO? - another bad way ??

bill@wards.net (William R. Ward) writes:

> It's been an option on traditional Unix systems for a long time.  When
> kernel runs the interpreter listed on the #! line, it does so with
> suid/sgid access enabled.  It's not really any more difficult than
> launching binaries.  

However, there is an unavoidable security hole if you have any setuid
#! scripts, at least, as they are traditionally implemented.  If you
adjust the semantics slightly, it can be fixed, but even then, it's
not usually judged to be that important.

Reply to: