Try to write /usr/bin/passwd without setuid/setgid. I thought the whole point with the shebang-scheme was that we could write scripts so that they would seem to work exactly as compiled programs. The kernel does not make the system more safe by ignoring setuid/setgid on scripts, since I can always write a setuid/setgid wrapper C program that calls my script. The kernel should instead provide a simple API, that setuid/setgid on program files works in the same manner no matter how the program is implemented.

But anyway, I got the answer I was looking for. Case closed.

-----Original Message-----
From: Derek Fountain [mailto:derekfountain@yahoo.co.uk]
Sent: 19 January 2004 10:31
To: suse-programming-e@suse.com
Subject: Re: [suse-programming-e] Set uid on executables
Why does pids.sh not also report euid=0? Does this mean setuid/setgid on bash scripts are useless and misleading?
Basically, yes. A better way of looking at it is that setuid scripts are a security nightmare - the shell is so easy to corrupt that it's very hard to make a setuid script safe. For this reason the kernel doesn't allow them. This is a good thing - honest!

--
eatapple core dump
participants (1): Hallingstad Håkon