Try to write /usr/bin/passwd without setuid/setgid.
I thought the whole point of the shebang scheme was that we could write scripts so that they would seem to work exactly like compiled programs.
The kernel does not make the system more safe by ignoring setuid/setgid on scripts, since I can always write a setuid/setgid wrapper C program that calls my script. The kernel should instead provide a simple API, so that setuid/setgid on program files works in the same manner no matter how the program is implemented.
But anyway, I got the answer I was looking for. Case closed.
-----Original Message-----
From: Derek Fountain [mailto:derekfountain@yahoo.co.uk]
Sent: 19 January 2004 10:31
To: suse-programming-e@suse.com
Subject: Re: [suse-programming-e] Set uid on executables
Why does pids.sh not also report euid=0? Does this mean setuid/setgid on bash scripts is useless and misleading?
Basically, yes. A better way of looking at it is that setuid scripts are a security nightmare - the shell is so easy to corrupt that it's very hard to make a setuid script safe. For this reason the kernel doesn't allow them. This is a good thing - honest!
programming@lists.opensuse.org
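The wrapper approach mentioned in the thread only holds up if the wrapper removes what makes "the shell so easy to corrupt": the caller-controlled environment. The following is an added example, not code from either poster; the script path and the allowlist of variables are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical script path, fixed at compile time: never taken from argv or
 * the environment, and the file must be writable only by its owner. */
#define SCRIPT_PATH "/usr/local/libexec/pids.sh"

extern char **environ;

/* Caller variables passed through unchanged (an assumed allowlist). Everything
 * else is dropped, including PATH, IFS, ENV, BASH_ENV and LD_* settings. */
static const char *const keep[] = { "TERM", "LANG", "TZ", NULL };

/* Fill out[] (capacity cap) with a minimal environment built from in[].
 * Returns the number of entries written, not counting the NULL terminator. */
size_t build_clean_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 3) {
        if (cap)
            out[0] = NULL;
        return 0;
    }
    out[n++] = "PATH=/usr/bin:/bin";   /* fixed value, never inherited */
    out[n++] = "IFS= \t\n";            /* default field separators */
    for (size_t i = 0; in && in[i]; i++) {
        for (size_t k = 0; keep[k]; k++) {
            size_t len = strlen(keep[k]);
            /* exact name match only: "TERM=..." passes, "TERMINFO=..." does not */
            if (n + 1 < cap && strncmp(in[i], keep[k], len) == 0 && in[i][len] == '=')
                out[n++] = in[i];
        }
    }
    out[n] = NULL;
    return n;
}

int main(void)
{
    const char *env[16];
    char *const args[] = { (char *)SCRIPT_PATH, NULL };

    build_clean_env(environ, env, 16);
    /* Report real and effective uid before the interpreter starts. */
    printf("ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    fflush(stdout);
    execve(SCRIPT_PATH, args, (char *const *)env);
    perror("execve");
    return 1;
}
```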