tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: setuid scripts

In article <>, Aleksej Saushev  
<> wrote:
>Alan Barrett <> writes:
>> On Sat, 14 Feb 2009, Aleksej Saushev wrote:
>>> > I think you can run setuid scripts if you build a custom kernel with
>>> > SETUIDSCRIPTS enabled.
>>> Does it prevent symlink attack or simply disables the check?
>> AFAIK it works properly, by passing the script to the shell using an
>> open file descriptor, named via /dev/fd/${number}.  I have no idea why
>> it's disabled by default.
>Any reason to keep it disabled?

People who write setuid shell scripts usually don't know what they are doing?


Home | Main Index | Thread Index | Old Index