On Sat, 29 Aug 2009 00:06:29 -0700
per...@pluto.rain.com wrote:

> Michael David Crawford <m...@prgmr.com> wrote:
> > It's not that setuid shell scripts are really more
> > inherently insecure than programs written in C.
> Actually, absent some careful cooperation between the kernel
> and the interpreter to prevent a race condition that can cause
> the interpreter to run (with elevated permissions) a completely
> different script than the one that was marked setuid, setuid
> scripts _are_ insecure in a way that _cannot_ be fixed by any
> degree of care that might be taken in the writing of the script.
> Check the hackers@ archives.  It was discussed a little over a
> month ago.

But is isn't that the same issue that Matthew Seaman was saying was
fixed years ago (in the link I gave before), and is described in the


That's entirely in the kernel, it doesn't require interpreter support.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to