You wrote: | SUID shell scripts are traditionally insecure in unix environments. From | my understanding, this is because when the kernel hits the #! magic | number when executing the file, it then execs a shell and passes the [...] | Now, since some on the list have the kern_exec.c code from the SunOS | kernel (I'm sure SOMEONE kept a copy), shouldn't it be possible to | patch this source so that, combined with the /dev/fd filesystem, SunOS | supports secure SUID scripts? It seems to me that it should be easy to setuid scripts are insecure because the interpreter (the shell) is not designed to be secure. Trying to patch it to make it secure is the wrong answer. The right answer is to build little setuid tools that do exactly and only what you need, such as the port20 tool mentioned in Cheswick & Bellovin. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume