Date: Wed, 5 Sep 2001 21:52:58 +0300 From: Giorgos Keramidas <charon@labs.gr> To: Piet Delport <pjd@siberiyan.dyndns.org> Cc: freebsd-chat@FreeBSD.ORG Subject: Re: Scripts and setuid Message-ID: <20010905215258.A4304@hades.hell.gr> In-Reply-To: <20010905204055.A268@athalon>; from pjd@siberiyan.dyndns.org on Wed, Sep 05, 2001 at 08:40:55PM %2B0200 References: <999708032.3b96558062cd2@webmail.neomedia.it> <20010905204055.A268@athalon>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 05, 2001 at 08:40:55PM +0200, Piet Delport wrote: > > That still leaves me with the original question though, why can't > scripts be run setuid? Allowing scripts to be run with setuid is VERY insecure. It is very easy to set up the environment of the parent process and execute a script with certain things in the environment that will cheat and have the script execute code with elevated priviledges. -giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010905215258.A4304>