
Re: setuid scripts



> I think setuid scripts are absolutely evil, and should be avoided
> at all cost. First of all, there's the security implications.
> (Not that MiNT is secure now, but we can try...). A setuid-root
> shell script can be abused in so many ways we should leave it out.

I disagree. People have an inherent distrust of setuid scripts, but in
fact they're likely to be *more* secure than their binary counterparts.
Certainly, programming in csh is encouraged here rather than writing a setuid
program because csh runs 'programs' sloppily, but scripts use the
un*x commands which do their own checking on all things. If a script is
written to only explicitly call programs as in '/bin/rm filename' then it is
as secure as (if not more so than) a program. (It should obviously make
sure it can't be interrupted as well :-)

I appreciate the problem of putting it into the kernel - a pity TOS wasn't
more un*x like from the start :-)
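The practices the reply describes (calling programs only by explicit full path, and making sure the script cannot be interrupted part-way) put into a small privileged script. This is an added example, not code from the thread or from MiNT; the spool directory `/tmp/spool_example`, the `remove_spool_file` helper and the file-name rule it enforces are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a script meant to run with
# privilege, written the way the reply recommends.

# Ignore interrupt, quit and hangup so the script cannot be stopped mid-run.
trap '' INT QUIT HUP

# Never trust the caller's environment: fix PATH and IFS ourselves.
PATH=/bin:/usr/bin
export PATH
IFS=$(printf ' \t\nx'); IFS=${IFS%x}

# Accept only a plain file name: no empty string, no slash (so no
# directory traversal), no leading dash (so it cannot be read as an
# option), no leading dot, and no shell metacharacters.
valid_name() {
    case "$1" in
        ''|*/*|-*|.*|*[!A-Za-z0-9._]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Remove one file from a fixed directory, invoking rm by its full path
# exactly as the post suggests ('/bin/rm filename'), never via PATH lookup.
# Returns 0 on success, 2 for a rejected name (assumed directory below).
remove_spool_file() {
    name=$1
    if ! valid_name "$name"; then
        printf '%s\n' "rejected file name: $name" >&2
        return 2
    fi
    /bin/rm -f -- "/tmp/spool_example/$name"
}

# Stand-alone usage: remove_spool_file NAME
if [ "$#" -gt 0 ]; then
    remove_spool_file "$1"
fi
```

Only the file name is taken from the caller; everything else (the directory, the program path, PATH and IFS) is fixed inside the script, which is what makes the explicit-path argument in the reply hold.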