On Tue, Jun 01, 2004 at 11:21:23PM -0400, James Damour wrote:
> My understanding of the position of Bob and Mike can be summed up as, "in
> general, shell scripts can't be made to use setuid/setgid securely".
> Basically, the problem comes down to the fact that a user can manipulate
> their PATH to redefine basic commands that are used by the shell scripts
> (like "ls") in order to elevate their privileges.

It's not impossible, it's just tricky, and the technique you chose has already
been implemented (in sudo).

-- 
 - mdz
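The PATH problem described in the quoted message, and the usual countermeasure of pinning PATH before the first external command, as an added example (not code from this thread or from sudo). `SAFE_PATH`, `resolve_cmd`, `make_shadow_dir`, `harden_env` and `demo` are hypothetical names, and the stand-in `ls` is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example. SAFE_PATH and all function names are hypothetical.
SAFE_PATH=/usr/sbin:/usr/bin:/sbin:/bin   # assumption: trusted system dirs

# resolve_cmd NAME PATHVALUE: print the file a bare NAME would execute
# if the script ran with PATH set to PATHVALUE.
resolve_cmd() {
    ( PATH=$2; command -v "$1" )
}

# Constructed sample: a directory holding a harmless stand-in named "ls",
# playing the role of the directory a caller puts first in PATH.
make_shadow_dir() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "stand-in ls, not the system one"\n' > "$dir/ls"
    chmod +x "$dir/ls"
    printf '%s\n' "$dir"
}

# Preamble a privileged script runs before its first external command.
# PATH is the variable the thread discusses; IFS, ENV, BASH_ENV and CDPATH
# are other inherited settings that alter a shell script's behaviour,
# which is part of why doing this by hand is "tricky".
harden_env() {
    PATH=$SAFE_PATH
    export PATH
    unset IFS ENV BASH_ENV CDPATH
}

demo() {
    shadow=$(make_shadow_dir) || return 1
    inherited="$shadow:$SAFE_PATH"          # PATH as the caller exported it
    before=$(resolve_cmd ls "$inherited")
    after=$( PATH=$inherited; harden_env; command -v ls )
    rm -rf "$shadow"
    printf 'inherited PATH -> %s\nhardened PATH  -> %s\n' "$before" "$after"
}

demo
```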