Michael David Crawford <m...@prgmr.com> wrote:
> It's not that setuid shell scripts are really more
> inherently insecure than programs written in C.

Actually, absent some careful cooperation between the kernel
and the interpreter to prevent a race condition that can cause
the interpreter to run (with elevated permissions) a completely
different script than the one that was marked setuid, setuid
scripts _are_ insecure in a way that _cannot_ be fixed by any
degree of care that might be taken in the writing of the script.

Check the hackers@ archives.  It was discussed a little over a
month ago.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to