-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 [EMAIL PROTECTED] wrote: > On Wed, 06 Feb 2008, Alex Zbyslaw wrote > SNIP >> Setuid/gid bits on shell scripts aren't considered safe, however and may >> even be disabled.
> THERE IS NO REASON FOR THIS, JUST USE THE FILE-SYSTEM TO PROTECT THE > FILES (MAKE THEM NOT WRITEABLE). Scripts are no more susceptible to > sabotage and misuse than binary files, it is just that scripts can be > more easily decoded and understood than binary files, and so > management (that usually doesn't know much about a computer system) > becomes frightened and issues orders to relieve their stress. There's no particular reason that setuid bits on scripts are dangerous nowadays. However in the dim and distant past (before the millenium) there used to be a race condition on opening files that meant it was trivial to use a setuid script to get a shell running under the target UID. The horror of this situation seems to have branded itself so deeply on the Unix psyche that even now, when that race condition has been eliminated for many years, there is still a lingering reflex response: "setuid scripts bad." Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHrsBR8Mjk52CukIwRCF9HAJ0RV95skb+MVcRjIJVpkLoVxId7BgCfQ14Y VyixVUuRczh96zewYpx24ik= =X1Lc -----END PGP SIGNATURE----- _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"