Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.auspex.com (Guy Harris)
Newsgroups: comp.sys.sgi
Subject: Re: setting SUID for scripts
Message-ID: <3795@auspex.auspex.com>
Date: 30 Jul 90 18:02:24 GMT
References: <9007292052.AA21084@ccu1.aukuni.ac.nz> <11086@odin.corp.sgi.com>
Organization: Auspex Systems, Santa Clara
Lines: 11

>As far as I know, we have no intentions of completely dropping
>support for setuid scripts, even if/when we pick up the V.4
>features.

Given that S5R4 includes support for setuid scripts, complete with the
"standard" fix for what is probably the most (in)famous security hole
(although there may well be other holes; when you're dealing with a
shell, you're dealing with a fairly big program, and there may well be,
umm, *interesting* combinations of individually-reasonable features that
open holes in set-UID scripts), I'd expect you wouldn't drop support for
them....