On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:

> Michael David Crawford <m...@prgmr.com> wrote:
> > It's not that setuid shell scripts are really more
> > inherently insecure than programs written in C.
>
> Actually, absent some careful cooperation between the kernel
> and the interpreter to prevent a race condition that can cause
> the interpreter to run (with elevated permissions) a completely
> different script than the one that was marked setuid, setuid
> scripts _are_ insecure in a way that _cannot_ be fixed by any
> degree of care that might be taken in the writing of the script.
>
> Check the hackers@ archives. It was discussed a little over a
> month ago.

But isn't that the same issue that Matthew Seaman was saying was
fixed years ago (in the link I gave before), and is described in the
follow-up:

http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html

That's entirely in the kernel, it doesn't require interpreter support.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions