[...]
> the executable (bash, whatever) opens the file
> it closes it
> it changes uid/gid to reflect suid status -> so it becomes root or whatever
> it reopens it
> and executes it
>
> problem: you can change the content of the file between the two !!
> so you can have your script, running as root, executing whatever you want !!

So that's the problem with SUID scripts. Seems to me it could be solved by *not* closing the script file, just keep it open. Why can't that be done? It can't be possible, or someone would surely have fixed it a long time ago?

Helge Hafting
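The open, close, reopen sequence quoted above and the keep-it-open alternative, seen at the file-descriptor level, as an added example that is not part of the original thread: a descriptor that stays open keeps referring to the file that was first opened, while a second open of the same path follows whatever the name points to now, and comparing device and inode numbers detects the swap. The `/tmp/suid-demo-<pid>` directory, the file names and the script contents are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create path holding text (constructed sample content); 0 on success. */
static int put(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* 1 if path no longer names the file behind held_fd, 0 if same, -1 on error. */
int path_was_swapped(int held_fd, const char *path) {
    struct stat a, b;
    if (fstat(held_fd, &a) < 0 || stat(path, &b) < 0) return -1;
    return a.st_dev != b.st_dev || a.st_ino != b.st_ino;
}

/* Open a script, replace it on disk, read via the held fd and via a reopen. */
int run_demo(char *held, char *reopened, size_t n) {
    char dir[64], script[96], other[96];
    int swapped = -1, fd1 = -1, fd2 = -1, r1 = 0, r2 = 0;
    snprintf(dir, sizeof dir, "/tmp/suid-demo-%ld", (long)getpid());
    snprintf(script, sizeof script, "%s/script.sh", dir);
    snprintf(other, sizeof other, "%s/other.sh", dir);
    int made = mkdir(dir, 0700) == 0;
    if (made && !put(script, "echo original\n") && !put(other, "echo replaced\n")
        && (fd1 = open(script, O_RDONLY)) >= 0   /* the first open */
        && rename(other, script) == 0) {         /* path replaced in the window */
        swapped = path_was_swapped(fd1, script);
        r1 = (int)read(fd1, held, n - 1);        /* descriptor kept open */
        if ((fd2 = open(script, O_RDONLY)) >= 0) /* close and reopen by name */
            r2 = (int)read(fd2, reopened, n - 1);
    }
    held[r1 > 0 ? r1 : 0] = reopened[r2 > 0 ? r2 : 0] = '\0';
    if (fd1 >= 0) close(fd1); if (fd2 >= 0) close(fd2);
    if (made) { unlink(script); unlink(other); rmdir(dir); }
    return swapped;
}

int main(void) {
    char a[32], b[32];
    int s = run_demo(a, b, sizeof a);
    printf("swapped=%d\nheld fd read: %sreopen read:  %s", s, a, b);
    return s != 1;
}
```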