>Casper.Dik at Sun.COM wrote: >> >> If you intened to support setuid shell scripts or execute only >> >> shell scripts (no read permission), you also need suid_exec.c. >> > >> >Uh-oh... I forgot that thing (until now... I wrote a giant yellow >> >"PostIt" paper and glued it on my whiteboard) ... thanks for the >> >hint... :-) >> >> "suid_exec.c"? Is this the set-uid root helper to run set-uid scripts? >> >> Solaris does not need one. > >In theory... yes... in reality I never tested this. It may work but I >have no clue how details like the isaexec chain may affect it (or not... >I guess nothing bad will happen but to be honestly I completely forgot >the setid-script thing and never tested this).
We'd need to check that isaexec cannot be fooled into executing the wrong executable but I am fairly confident that is not the case. Casper
