Subject: Re: Some general questions (xdm)
To: None <r.black@ic.ac.uk, msergio@mbox.vol.it>
From: Wolfgang Solfrank <ws@kurt.tools.de>
List: port-arm32
Date: 01/06/1997 16:16:39
> I believe there are a lot of ways to make shell SUID scripts secure, at least
> there are for other Unix fashions (including SUN-OS/Solaris which says it
> all...). Is this limitation a RiscBSD thing or is it a NetBSD problem and
> will it be fixed?

While you CAN make setuid scripts work on NetBSD/RiscBSD (just add an
"options SETUIDSCRIPTS" to your configuration), those CANNOT be made secure
in any sense of the word.

There are some precautions in the code part enabled by SETUIDSCRIPTS (which
in turn enables FDSCRIPTS) against one of the security holes, but there are
others that are not pluggable in a general sense.  Things like redefining
IFS come to mind.

So in a general sense, setuid scripts ARE security holes, so leave the option
off if you don't know exactly what you are doing.

BTW, FDSCRIPTS (enabled automatically by SETUIDSCRIPTS) disables the
possibility of a script accessing $0 (aka argv[0]).  And it doesn't work
with e.g. csh anyway.

Ciao,
Wolfgang
--
ws@TooLs.DE     (Wolfgang Solfrank, TooLs GmbH) 	+49-228-985800
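Since the advice above is to leave SETUIDSCRIPTS off unless you know what you are doing, the practical follow-up for an administrator is to find out whether any setuid or setgid interpreter scripts exist on the system at all. The script below is an added example, not part of the original mail and not NetBSD code: it walks a directory tree with the POSIX tools find(1), dd(1), ls(1) and sed(1), lists every file that carries the setuid or setgid bit and begins with "#!", and prints its mode, owner, path and interpreter line. On a kernel built without the option those bits are ignored for scripts, but such files are still worth finding, because they become live the moment the option is turned on.

```sh
#!/bin/sh
# Added example (not from the original mail, not NetBSD code): audit a
# directory tree for setuid/setgid interpreter scripts, i.e. files with the
# setuid or setgid bit set whose first two bytes are "#!".

# Print one line per setuid/setgid script below $1 (default: /):
#   <mode> <owner> <path> <interpreter line>
find_setuid_scripts() {
    dir=${1:-/}
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit;
    # this "-perm -mode" form is POSIX and works with BSD and GNU find.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # Read only the first two bytes; the file under audit is never executed.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
        [ "$magic" = "#!" ] || continue
        # Mode and owner come from ls(1), which is portable where stat(1) is not.
        set -- $(ls -ld "$f")
        printf '%s %s %s %s\n' "$1" "$3" "$f" "$(sed 1q "$f")"
    done
}

# Run directly on a tree when AUDIT_DIR is set, e.g.:
#   AUDIT_DIR=/usr/local sh audit_setuid_scripts.sh
if [ -n "${AUDIT_DIR:-}" ]; then
    find_setuid_scripts "$AUDIT_DIR"
fi
```

Anything the script reports should either lose its setuid/setgid bit or be replaced by a small compiled setuid wrapper that sanitizes its environment before doing its work; the mail's point is that the script form cannot be made safe, because the interpreter's behaviour (IFS, $0 handling, the shell in use) is outside the kernel's control.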