Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83 (MC840302); site mcvax.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!teddy!panda!talcott!harvard!seismo!mcvax!jim From: jim@mcvax.UUCP (Jim McKie) Newsgroups: net.unix Subject: Re: 2 shell questions before the new year Message-ID: <405@mcvax.UUCP> Date: Wed, 9-Jan-85 21:56:02 EST Article-I.D.: mcvax.405 Posted: Wed Jan 9 21:56:02 1985 Date-Received: Sat, 12-Jan-85 07:19:01 EST References: <6820@brl-tgr.ARPA> <240@mtxinu.UUCP> Reply-To: jim@mcvax.UUCP (Jim McKie) Organization: CWI, Amsterdam Lines: 11 In article <240@mtxinu.UUCP> ed@mtxinu.UUCP (Ed Gould) writes: >The advantages of directly-execable scripts are two-fold. First, >it allows *any* interpreter to be specified for the rest of the >file, not just a shell. Second, the set-uid and set-gid bits >are honored. Voila! Set-uid shell scripts! Unless you've fixed your kernel, if you have setuid shell scripts you have a security hole. Don't send me mail asking what it is. Jim McKie mcvax!jim