A setuid bash doesn't give up root.

[Karl M. Hegbloom]

I've discovered something interesting.

# cp /bin/bash /tmp
# chmod u+s /tmp/bash

$ /tmp/bash
$ whoami
karlheg

# cp /usr/bin/zsh /tmp
# chmod u+s /tmp/zsh

$ /tmp/zsh
# whoami
root

 Perhaps we should have a policy that says all of our shells should
 follow the Bash behaviour?

Re: A setuid bash doesn't give up root.

[Ben Gertzfield]

 Karl == Karl M Hegbloom [EMAIL PROTECTED] writes:

Karl  Perhaps we should have a policy that says all of our shells
Karl should follow the Bash behaviour?

This would help a *tiny* bit, but there are many many programs other
than shells that will wreak havoc if they're made set-uid. Emacs, or
vi, or netscape.. well, you get the drift.

-- 
Brought to you by the letters D and M and the number 18.
Bill Gates is a talented evil man.
Debian GNU/Linux maintainer of Gimp and GTK+ -- http://www.debian.org/
I'm on FurryMUCK as Che, and EFNet/Open Projects IRC as Che_Fox.