> In theory... yes... in reality I never tested this. It may work but I
> have no clue how details like the isaexec chain may affect it (or not...
> I guess nothing bad will happen but to be honest I completely forgot
> the setid-script thing and never tested this).
>
If the exec command supports #!, and #! also works for scripts that are setuid and/or execute only, then there is no need for suid_exec. For execute-only scripts, the exec call needs to open the file and pass down the open file descriptor as /dev/fd/n, where n is the file descriptor. This way the shell can read the script without needing read permission on the script.

David Korn
dgk at research.att.com