bsh & ksh running setuid

[Dick Dunn]

fsfrick at bones.lerc.nasa.gov (David Fricker) writes:
> FYI: under AIXv3.1 release 3003, bsh & ksh do NOT ignore the
> setuid bits when running a script...
...
> So, if you want scripts to run setuid and you have release 3003, you
> may want to save a copy of the bsh & ksh binaries.

1.  I'm not clear on how this is a property of the shells, rather than
the OS.  Seems that the shell isn't going to be able to alter its own uid;
it needs kernel help at exec() time.

2.  For those who haven't run into this before: Note that setuid shell
scripts are a security sieve.
-- 
Dick Dunn     rcd at ico.isc.com -or- ico!rcd       Boulder, CO   (303)449-2870
   ...If you plant ice, you're gonna harvest wind.