[EMAIL PROTECTED] (William R. Ward) writes: > It's been an option on traditional Unix systems for a long time. When > kernel runs the interpreter listed on the #! line, it does so with > suid/sgid access enabled. It's not really any more difficult than > launching binaries.
However, there is an unavoidable security hole if you have any setuid #! scripts, at least, as they are traditionally implemented. If you adjust the semantics slightly, it can be fixed, but even then, it's not usually judged to be that important.
