Hello,

> > The way I remember it is:
> >
> > 1) kernel opens the file, finds it suid
> > 2) kernel executes the shell with that uid
> > 3) shell opens the same filename ...
>
> I think it's probably the kernel that does the open on step 3,

No, it's the shell - it gets passed the filename. If it was the kernel opening the file, there wouldn't be any problem, just like there's no problem with ordinary executables.

> I wonder how other unix variants that allow suid scripts do this?

As somebody pointed out - the kernel opens the file, and hands the open filehandle to the shell. A filehandle always points to the same file (inode), which stops this particular trick. You still have to watch out for things like weird environment variables.

Jiri <[EMAIL PROTECTED]>
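The point above (an open file handle stays bound to the inode that was checked, while re-opening by name follows whatever the name points to now) as an added Python illustration; this is not code from the thread, and the file names and contents are constructed in a temporary directory.

```python
import os
import tempfile


def demonstrate_name_swap():
    """Compare 'keep the handle the kernel opened' with 'reopen by name'.

    Returns a dict with the contents read through the original descriptor,
    the contents read by reopening the path, and whether the descriptor
    still refers to the inode that was inspected before the name changed.
    """
    with tempfile.TemporaryDirectory() as tmpdir:
        # Constructed stand-ins: the "suid script" and an unrelated file.
        script = os.path.join(tmpdir, "script")
        other = os.path.join(tmpdir, "other")
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho original\n")
        with open(other, "w") as f:
            f.write("#!/bin/sh\necho replacement\n")

        # Steps 1-2: the file is opened and inspected; keep that descriptor.
        fd = os.open(script, os.O_RDONLY)
        checked_inode = os.fstat(fd).st_ino

        # Between the inspection and a later open-by-name, the directory
        # entry is swapped (rename is atomic, so the name never disappears).
        os.rename(other, script)

        # Step 3 done by name: the interpreter gets the swapped-in file.
        with open(script) as f:
            via_path = f.read()

        # Step 3 done via the handed-over descriptor: still the checked inode.
        fd_keeps_inode = os.fstat(fd).st_ino == checked_inode
        with os.fdopen(fd) as f:  # fdopen takes ownership and closes fd
            via_fd = f.read()

        return {
            "via_fd": via_fd,
            "via_path": via_path,
            "fd_keeps_inode": fd_keeps_inode,
        }


if __name__ == "__main__":
    print(demonstrate_name_swap())
```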