If SUID was possible on bash scripts themselves I would hope any admin that could MAKE it SUID wouldn't allow just anyone to dork with it. That being said, in reality it would seem that, since /bin/bash is the actual program running the script, /bin/bash would be the program that would have to be SUID. That hilites David's concerns.
On Tue, 27 May 2003 18:56:47 -0500 "David A. Bandel" <[EMAIL PROTECTED]> wrote: > Yes. Consider: a script will run _anything_ you put in it. Now think > of the worst stuff you could put in it. Want your users running that > SUID? And even seemingly benign stuff, if it has a command thatīs not > fully pathed (oops), and as a user I create a similarly named malicious > tool (and of course my PATH has $HOME/bin before the system paths) -- > sounds like a wtfo (what the frell over?) to me. _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
