There are any number of thousands of pieces on the web about this, but the real problem with setuid is that it is a hinged chopstick.
A command that you execute because you can is one security risk. You fix that by auditing the code and installing the executable such that only root almighty can write over it. A setuid command has a hinge in it, a second vulnerability. Who gets to execute it in any scenario. A setuid script is two hinges in it: Who gets to execute, and who gets to edit the script. -- Jack J. Woehr # I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
