Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!zehntel!hplabs!sri-unix!jdb@s1-c
From: jdb%s1-c@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: Re: kernel recognizing #! scripts
Message-ID: <17378@sri-arpa.UUCP>
Date: Fri, 9-Mar-84 20:01:33 EST
Article-I.D.: sri-arpa.17378
Posted: Fri Mar 9 20:01:33 1984
Date-Received: Tue, 13-Mar-84 00:44:37 EST
Lines: 13

It is true that the "magic number" #! allows setuid/setgid command
files to be executed.  However, I do not trust them.  This is not
superstition; I know of a couple of security holes that can result.
While there are ways to close these particular holes I'm not
confident enough of the underlying mechanism to believe that there
aren't other problems I haven't thought of.

I recommend the use of #! for non-setuid command files; it is very
useful for "make" and "awk".  If you want something to be setuid,
though, I suggest that you use a real binary program.

--
  John Bruner (S-1 Project, Lawrence Livermore National Laboratory)
  MILNET: jdb@s1-c  UUCP: ...!decvax!decwrl!mordor!jdb
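
An audit that follows from the recommendation in the post above, as an added example that is not part of the original post: it lists setuid/setgid regular files under a directory whose first two bytes are `#!`, so they can be reviewed or replaced with compiled programs. The function names `is_shebang` and `audit_setid_scripts` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): find setuid/setgid files
# that are "#!" interpreter scripts rather than compiled binaries.
# Function names are hypothetical. Paths containing newlines are not handled.

# is_shebang FILE: succeed if FILE's first two bytes are "#!".
is_shebang() {
    [ "$(LC_ALL=C head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# audit_setid_scripts [ROOT]: print one tab-separated line per finding:
#   <setuid|setgid|setuid+setgid> <path> <interpreter line without "#!">
audit_setid_scripts() {
    root=${1:-.}
    # -xdev stays on one filesystem; -perm -4000 / -2000 select files
    # with the setuid / setgid bit set. Unreadable directories are skipped.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Compiled binaries are what the post recommends; skip them.
        is_shebang "$f" || continue
        kind=
        if [ -u "$f" ]; then kind=setuid; fi
        if [ -g "$f" ]; then kind=${kind:+$kind+}setgid; fi
        # The first line names the interpreter the kernel would start.
        interp=$(LC_ALL=C sed -n '1{s/^#![[:space:]]*//p;q;}' "$f")
        printf '%s\t%s\t%s\n' "$kind" "$f" "$interp"
    done
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

Invoke it with a directory argument, for example a local bin directory, and review each reported file.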