I was looking around the net this weekend, and found something that made me start thinking. SUID shell scripts are traditionally insecure in Unix environments. From my understanding, this is because when the kernel hits the #! magic number when executing the file, it then execs a shell and passes the name of the shell script as an argument. Since starting the shell can take a finite amount of time, there's a race condition where you can substitute in a different file for the one that originally spawned the shell.

Also from my understanding, at least one Unix has solved this problem by making a /dev/fd filesystem, and passing a file descriptor to the already open file as an argument to the shell, which makes sure that the file that gets opened is really the one that the kernel originally opened.

Now, assuming I have all that right (someone correct me if I'm wrong), let me say this. While looking around on the net, I found a /dev/fd device driver for SunOS. I've played around with it, and it seems to work just as it's designed. Now, since some on the list have the kern_exec.c code from the SunOS kernel (I'm sure SOMEONE kept a copy), shouldn't it be possible to patch this source so that, combined with the /dev/fd filesystem, SunOS supports secure SUID scripts?

It seems to me that it should be easy to put a truly useful feature into SunOS that wasn't previously possible. I, unfortunately, don't have the skill to do something like this, but surely SOMEONE must be able to, and distribute diffs to the code. Or am I missing something really obvious here?

-WW

[Note to the listowner: I hope this classifies as on topic -- I think discussion of closing security holes is as on topic as talking about the existence of them, yes?]
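
The /dev/fd binding described in the post above, as an added example that is not part of the original message and is not SunOS kernel code: it opens a file, lets the name be re-pointed, and compares what a reader gets through the path name with what it gets through /dev/fd/N. No setuid bit or interpreter is involved; the scratch directory, file names and contents are constructed for the demonstration, and a system that provides /dev/fd is assumed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create path with the given contents; returns 0 on success. */
static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Read the first line of path into buf, without the newline. */
static int read_first_line(const char *path, char *buf, size_t len) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (!fgets(buf, (int)len, f)) buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* by_name / by_fd receive what a reader sees via the path and via /dev/fd/N. */
int demo(char *by_name, char *by_fd, size_t len) {
    char dir[] = "/tmp/fdscriptXXXXXX", script[64], other[64], fdpath[32];
    if (!mkdtemp(dir)) return -1;              /* constructed scratch directory */
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (write_file(script, "original\n") || write_file(other, "replacement\n")) return -1;
    int fd = open(script, O_RDONLY);           /* the open done at exec time */
    if (fd < 0) return -1;
    if (rename(other, script) != 0) return -1; /* the name now refers to another file */
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    int rc = read_first_line(script, by_name, len) | read_first_line(fdpath, by_fd, len);
    close(fd); unlink(script); rmdir(dir);     /* remove the scratch files */
    return rc;
}

int main(void) {
    char a[64], b[64];
    if (demo(a, b, sizeof a) != 0) { perror("demo"); return 1; }
    printf("reader given the path name gets: %s\n", a);
    printf("reader given /dev/fd/N gets:     %s\n", b);
    return 0;
}
```

The descriptor stays bound to the file that was opened, so the /dev/fd path is unaffected by what the name points to afterwards.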