On 13/10/2021 10:39, Denys Vlasenko wrote:
Who in their right mind would have a *setuid*
shell executable on any system where security matters?
I suspect this was originally not for the benefit of setuid shell
executables, but setuid shell scripts. Linux does not support those, so
the check is considered unnecessary on Linux.
However, actually, doing something along those lines is useful even on
Linux when setuid applications can be tricked to launch shell processes
in insecure ways. bash implements "privileged mode" which drops shell
privileges except when the setuid application specifically requests
keeping them, which I would like to see in dash as well. Tavis Ormandy
started a thread on that in 2013 with a patch,
https://www.mail-archive.com/dash@xxxxxxxxxxxxxxx/msg00788.html, it
would be good to get something along those lines in.
Cheers,
Harald van Dijk
