In message <199409262012.QAA04662@nasirc.hq.nasa.gov> you write:

> Since the problem is in /bin/sh, that is where it should be solved, or
> at least avoided. If you across-the-board disable all set-uid shell
> interpreters, that will infuriate the few who do it right, and remove
> any motivation for others to do it correctly.

The problem is not in /bin/sh but in the kernel. It really doesn't matter which interpreter you execute. Interpreters are usually not designed to execute with euid 0; there are just too many ways to manipulate them. The magic token '#!' that signals the kernel to execute an interpreter is something that should not be combined with suid permissions. So the proper place to fix the problem is the kernel.

Suidperl claims to be the rare exception to the rule. Personally I don't trust it. It is hard enough to make a C program suid safe.

> -----
> Fred Blonder              fred@nasirc.hq.nasa.gov
> Hughes STX Corp.          (301) 441-4079
> 7701 Greenbelt Rd.
> Greenbelt, Md. 20770

Harold van Aalderen                               | email: harold@sara.nl
system programmer/site security contact           |
SARA (Academic Computing Services Amsterdam)      | phone: +31 20 5923000
PO Box 94613  1090 GP Amsterdam  The Netherlands  | fax  : +31 20 6683167