On 09/25/2014 12:45 PM, Steve Meyers wrote: > If you can influence the environment of a SUID script, it may allow > privilege escalation.
Linux doesn't allow scripts to be setuid. But a setuid binary could be making system() calls using the caller's environment, I suppose. Though most I've seen create a special environment for subprocesses. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
