On Wed, 27 Sep 2006 13:19:48 +0100 Darren J Moffat wrote: > It could in theory work but why ? You do realise that pfexec(1) is > setuid root right ?
> What is the objection to having pfksh93 use pfexec to execute > /usr/bin/chmod rather than the ksh93 builtin chmod ? If I can > understand that maybe I can understand why you seem to want to do this > differently for ksh93 than how it is done today for pfsh, pfcsh and the > exising ksh88 derived pfksh (and how the pfzsh that I haven't shipped > yet works too). the ksh93 sources are close to handling builtins vs pfexec the view taken is that a command marked pfexec will get exactly that command path run under pfexec I've been posting questions and making progress @ security-discuss -- Glenn Fowler -- AT&T Research, Florham Park NJ --
