From: Stachu 'Dozzie' K. (cut-to-last-hypen-dozzie_at_dynamit.im.pwr.wroc.pl)
Date: Tue, 24 Aug 2004 12:38:43 +0000 (UTC)
On 2004-08-23, Kevin Rodgers wrote:
> Stachu 'Dozzie' K. wrote:
> > No, you understand it incorrectly. SUID bit *never* affects scripts,
> > only binaries (it's small simplification, try searching for suid-perl).
> That must depend on the OS, as I've used setuid and setgid scripts
> successfully (on SunOS/Solaris). But they were not owned by root.
Heh, good to know. Thanks.
> > It's security reason.
> I don't think setuid scripts are a security issue in general, just
> setuid root scripts.
I agree. All setuid executable files are a potential security risk, even
-- Stanislaw Klekot