Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!uunet!aplcen!haven!uvaarpa!mmdf
From: worley@compass.com (Dale Worley)
Newsgroups: comp.lang.perl
Subject: Trouble with setuid
Message-ID: <1990Aug29.165446.19838@uvaarpa.Virginia.EDU>
Date: 29 Aug 90 16:54:46 GMT
Sender: mmdf@uvaarpa.Virginia.EDU (Uvaarpa Mail System)
Reply-To: worley@compass.com
Organization: The Internet
Lines: 17


   X-Name: Matthias Urlichs

   In that case, there's no security hole, since suidperl will first open the
   script and then use fstat() to find out about the setuid bits.

Wouldn't it be possible to put this check into the shell, so setuid
shell scripts would be OK?

And doesn't suidperl have to also verify that the user is allowed to
execute this file, as well as checking the setuid bit?

Dale Worley		Compass, Inc.			worley@compass.com
--
The illicit drug business has been described--not entirely in jest--as
the best means ever devised by the United States for exporting the
capitalist ethic to potentially revolutionary Third World peasants.