Re: VI wrapper for SUDO? - another bad way ??
email@example.com (William R. Ward) writes:
> It's been an option on traditional Unix systems for a long time. When
> kernel runs the interpreter listed on the #! line, it does so with
> suid/sgid access enabled. It's not really any more difficult than
> launching binaries.
However, there is an unavoidable security hole if you have any setuid
#! scripts, at least, as they are traditionally implemented. If you
adjust the semantics slightly, it can be fixed, but even then, it's
not usually judged to be that important.