> Well, now that I've been trounced upon by several of you folks, ;-) I > realize that that by 'fixing the kernel' I was (mistakenly) assuming > that what was meant was 'disable set-uid interpreter scripts'. It was > disabling them entirely that I disagree with. Yes, I am aware of the > race condition with such scripts, and agree that it needs to be solved > before such scripts have any hope of being considered 'safe'. Excuse me? When we say FIXING THE KERNEL, we MEAN DISABLING SETUID SCRIPTS. If you have some other reasonable mechanism, I'd be interested in hearing it... > While we're on the subject: What should happen if you have a set-uid > interpreter script and the interpreter it invokes is also set-uid to a > different uid? This is a philosophical point, so I suppose the > discussion should be moved to some other list or newsgroup. Well, under SunOS 4.1.3, which was the OS in question, it keeps the uid/gid of the script, not the interpreter. This is arguably more consistent than taking the uid & gid of the interpreter. -- John Hawkinson jhawk@panix.com