Subject: Re: SETUIDSCRIPTS
To: Mike Long <firstname.lastname@example.org>
From: Chris G. Demetriou <email@example.com>
Date: 07/07/1997 16:02:22
> >From: Jaromir Dolecek <firstname.lastname@example.org>
> >Date: Tue, 8 Jul 1997 00:35:21 +0200 (MEST)
> >Is %subj% supposed to work ? While compiling kernel as of July 5
> >it writes:
> >--- exec_script.o ---
> >../../../../kern/exec_script.c: In function `exec_script_makecmds':
> >../../../../kern/exec_script.c:148: `S_ISUID' undeclared (first use this function)
> [lotsa lossage deleted]
> AFAIK the SETUIDSCRIPTS option is unsupported because it cannot be
> made secure.
False. The mechanism used by the SETUIDSCRIPTS option is (or can be;
i won't rule out bugs 8-) secure.
It's not the default because it's rather unintuitive (if you're trying
to use a broken shell, interesting error messages can result) and
because most UNIX systems doesn't support setuid shell scripts.