Michael David Crawford <m...@prgmr.com> wrote: > It's not that setuid shell scripts are really more > inherently insecure than programs written in C.
Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script. Check the hackers@ archives. It was discussed a little over a month ago. _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"