Jean Orloff:
> For the suid bit: I vaguely remember this was somehow disabled in
> Debian for security reasons (which do not really apply for a laptop
> spending 99% of the time disconnected), but I don't remember how...

When you exec a shell script /usr/local/bin/foo which begins with the line

    #!/bin/sh

what actually gets executed is

    /bin/sh /usr/local/bin/foo

Intuitively, this would be suid only if /bin/sh is suid (at which point, you could reasonably expect that /bin/sh would be written to interpret the permissions on /usr/local/bin/foo and take appropriate action). I don't know exactly how this is currently implemented in the Linux kernel, but I wouldn't be surprised if it did exactly this.

Note, also, that you can completely change the semantics of /bin/sh by setting some environmental variables (such as IFS, and LD_LIBRARY_PATH). Thus, you probably don't want to have suid shell scripts in the first place.

It's more secure to just put /bin/open in /etc/inittab for some virtual terminal [at least this way, remote users wouldn't get root access.]

--
Raul
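An audit sketch for the advice above, added here as an example and not part of the original message: it lists set-uid or set-gid files that begin with "#!", that is, scripts that would be handed to an interpreter such as /bin/sh. The function name find_suid_scripts and the default directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report set-uid/set-gid regular files whose first two bytes
# are "#!", together with the interpreter line the script names.
# Usage: find_suid_scripts [directory]
# Output: one line per hit, "<mode> <owner> <path> -> <interpreter line>"
# Limitation: paths containing newlines are not handled.

find_suid_scripts() {
    dir=${1:-/usr/local/bin}   # assumed default, taken from the path in the message

    # -perm -4000 matches set-uid, -perm -2000 matches set-gid (POSIX find).
    # -xdev keeps the walk on one filesystem.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # Look at the first two bytes only, so binaries are never parsed further.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d '\0')
        [ "$magic" = '#!' ] || continue

        # Everything after "#!" on line 1 is the interpreter plus its argument.
        interp=$(sed -n '1{s/^#![[:space:]]*//;p;q;}' "$f")

        # Mode string and owner come from ls -ld (fields 1 and 3).
        meta=$(ls -ld "$f" | awk '{print $1, $3}')
        printf '%s %s -> %s\n' "$meta" "$f" "$interp"
    done
}
```

Each reported file is a candidate for removing the set-id bit (chmod u-s,g-s) and replacing the script with a mechanism that does not rely on it.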

