> Even with this hole closed,
> individual interpreters may have a host of inherent security issues
> (like /bin/sh and IFS), so setuid scripts will probably never be a
> very good idea.

Other interpreters have cute features that prevent set-id use...
e.g. csh closes all open file descriptors at startup, other than
stdin, stdout, and stder...


chris