Fred Blonder reckons:
>Ummm, then how's it going to cope with set-uid perl scripts, which ARE
>rumored to be secure? You could have a table of 'ok shell
>interpreters' in the kernel, but that would be extremely ugly.
>
>Since the problem is in /bin/sh, that is where it should be solved, or
>at least avoided. If you across-the-board disable all set-uid shell
>interpreters, that will infuriate the few who do it right, and remove

Bzzzt, thank you for playing. Some of the problems are in /bin/sh. The most disturbing problem is a race condition in the kernel between the permissions check (which assigns the effective uid) and the opening of the file by the interpreter. This race condition can be exploited to subvert security. Perl requires a C wrapper to run setuid; the wrapper is not subject to the race condition.
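
An added illustration, not part of the original post: a minimal C wrapper of the kind the reply mentions. The kernel runs the compiled binary directly, and the wrapper checks the script through an already-open descriptor and hands that same descriptor to the interpreter, so the file that was checked is the file that runs. `INTERP`, `SCRIPT`, `open_checked` and the `/dev/fd` hand-off are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical paths: set these to the installed interpreter and script. */
#define INTERP "/usr/bin/perl"
#define SCRIPT "/usr/local/libexec/report.pl"

/* Open path without following a final symlink, then verify the opened
 * object itself with fstat(), so the check and the later read refer to
 * the same inode. Returns an open fd, or -1 if the file is refused. */
int open_checked(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||                  /* regular files only   */
        st.st_uid != owner ||                    /* expected owner only  */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {    /* not writable by others */
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char fdpath[32];
    /* Fixed environment: nothing is inherited from the caller. */
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };
    int fd = open_checked(SCRIPT, 0);   /* script must be owned by root */
    if (fd < 0) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return 1;
    }
    /* The interpreter reads the already-checked descriptor, not a path
     * that could be replaced between the check and the open. */
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    char *argv[] = { INTERP, fdpath, NULL };
    execve(INTERP, argv, envp);
    perror("execve");
    return 1;
}
```

The wrapper binary, not the script, carries the set-uid bit; the script stays in a directory only its owner can write.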