Re: how do I use UID setting?
Miquel van Smoorenburg:
> Simple - setuid shell scripts are not supported under Linux because we
> have learned from history that it is impossible to create a secure shell
> script.
That's not the reason.
The reason is that the semantics of the #! line have the script passed to
the shell by name. In the meantime, a hacker can substitute a different
script. Making the directory unwriteable doesn't help, as the script can be
hardlinked to.
Solving this requires changing the semantics of either suid or #! - the
former is done by sudo (which does suid-by-pathname), the latter in systems
where the script is passed to the shell via an open handle.
Jiri
--
<jiri@baum.com.au>
We'll know the future has arrived when every mailer transparently
quotes lines that begin with "From ", but no-one remembers why.
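
An added illustration of the open-handle approach mentioned in the message above (not part of the original post): the file is opened once, the checks run on the descriptor with `fstat`, and everything that follows uses that descriptor, so re-pointing the name afterwards has no effect. The function names, the `/tmp` location and the file contents are assumptions constructed for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the path once, then vet the descriptor rather than the name. Later
 * reads use this inode even if the name is re-pointed in the meantime. */
int open_vetted(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    return (close(fd) == 0 && n == (ssize_t)strlen(text)) ? 0 : -1;
}

/* Constructed demo in a private temp dir: vet "script", re-point the name at
 * other content, read through the handle. 1 = handle kept the vetted file. */
int demo_handle_survives_swap(void)
{
    char dir[] = "/tmp/fdchk.XXXXXX", a[64], b[64], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/script", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    if (write_file(a, "echo vetted\n") || write_file(b, "echo swapped\n")) return -1;
    int fd = open_vetted(a, geteuid());
    if (fd < 0 || rename(b, a) != 0) return -1; /* name now refers to another inode */
    ssize_t n = pread(fd, buf, sizeof buf - 1, 0);
    close(fd);
    unlink(a);
    rmdir(dir);
    return n > 0 && strcmp(buf, "echo vetted\n") == 0;
}
int main(void) { return demo_handle_survives_swap() == 1 ? 0 : 1; }
```

A wrapper built this way would hand the interpreter the descriptor instead of the pathname, which is the change to #! semantics the message refers to.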