[kismac] Re: suid off

  • From: "Dan Oetting" <dan_oetting@xxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Fri, 29 Apr 2005 00:00:45 -0600

On Apr 28, 2005, at 1:33 PM, Brad Knowles wrote:

But I'm pretty sure I've been hearing the sentiment (SUID scripts
are dangerous) for as long as I've been playing with Linux (2.0 kernel?)
and BSDs (Freebsd 3.1?)

I've been hearing this since I started mucking about with shell scripts, over twenty years ago -- BSD 2.9.something running on a PDP 11/70.

SUID scripts were a side effect of of the #! hack that allows all scripts to be invoked by the exec() system call. The first mention of the idea was around 1981 and first implementation appears to be 4.1BSD and later incorporated in 2.8BSD. By December 1981 there is already talk about the dangers of SUID scripts.

Other related posts: