Miquel van Smoorenburg:
> Simple - setuid shell scripts are not supported under Linux because we
> have learned from history that it is impossible to create a secure shell
> script.

That's not the reason.

The reason is that the semantics of the #! line have the script passed to
the shell by name. In the meantime, a hacker can substitute a different
script. Making the directory unwriteable doesn't help, as the script can be
hardlinked to.

Solving this requires changing the semantics of either suid or #! - the
former is done by sudo (which does suid-by-pathname), the latter in systems
where the script is passed to the shell via an open handle.


Jiri
-- 
<[EMAIL PROTECTED]>
We'll know the future has arrived when every mailer transparently
quotes lines that begin with "From ", but no-one remembers why.
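
The open-handle approach mentioned in the reply above, as an added example that is not part of the original message: a launcher opens the script once, checks the opened object with fstat, and hands the interpreter /dev/fd/N instead of the pathname. The function names, the ownership and permission policy, and the use of /bin/sh are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the script once and vet the open handle, never the name.
 * Returns an fd, or -1 if the file is not an acceptable script.
 * Policy (owner match, not group/world writable) is an assumption. */
int open_vetted_script(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if `path` still names the object behind `fd`, 0 if the name has been
 * re-bound since the open, -1 on error. */
int name_still_matches(int fd, const char *path)
{
    struct stat by_fd, by_name;
    if (fstat(fd, &by_fd) != 0 || lstat(path, &by_name) != 0)
        return -1;
    return by_fd.st_dev == by_name.st_dev && by_fd.st_ino == by_name.st_ino;
}

/* Launcher: the interpreter receives /dev/fd/N, so it reads the vetted
 * object even if the pathname is re-bound in the meantime. */
int main(int argc, char **argv)
{
    char ref[32];
    int fd;
    if (argc != 2 || (fd = open_vetted_script(argv[1], geteuid())) < 0) {
        fprintf(stderr, "usage: %s script (must pass the checks)\n", argv[0]);
        return 1;
    }
    snprintf(ref, sizeof ref, "/dev/fd/%d", fd);
    execl("/bin/sh", "sh", ref, (char *)NULL);
    perror("execl");
    return 1;
}
```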
