On 13/10/2021 10:39, Denys Vlasenko wrote:
> Who in their right mind would have a *setuid* shell executable on any system where security matters?
I suspect this was originally not for the benefit of setuid shell executables, but setuid shell scripts. Linux does not support those, so the check is considered unnecessary on Linux.
However, actually, doing something along those lines is useful even on Linux when setuid applications can be tricked into launching shell processes in insecure ways. bash implements "privileged mode", which drops shell privileges except when the setuid application specifically requests keeping them, which I would like to see in dash as well. Tavis Ormandy started a thread on that in 2013 with a patch, https://www.mail-archive.com/dash@xxxxxxxxxxxxxxx/msg00788.html; it would be good to get something along those lines in.
Cheers, Harald van Dijk
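
Added example, not part of the original message and not code from bash, dash or the 2013 patch: a sketch in C of the startup check that "privileged mode" describes, resetting effective IDs to the real ones unless the caller explicitly asked to keep them. The function names are hypothetical, and `-p` is the option bash uses for that request.

```c
#define _DEFAULT_SOURCE            /* exposes setregid()/setreuid() in glibc */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: true when the IDs are elevated and the caller did
 * not explicitly ask to keep them (bash spells that request "-p"). */
static bool must_drop_privileges(uid_t ruid, uid_t euid, gid_t rgid,
                                 gid_t egid, bool keep_requested)
{
    bool elevated = (ruid != euid) || (rgid != egid);
    return elevated && !keep_requested;
}

/* Reset effective (and, on Linux, saved) IDs to the real ones. The group
 * goes first: after the uid drop the process may lack the right to change
 * its gid. Returns 0 on success, -1 if the drop failed or was partial. */
static int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Startup check, to run before any startup file or script is read.
 * Returns 0 to continue, -1 if the shell must refuse to run. */
static int shell_startup_check(bool keep_requested)
{
    if (!must_drop_privileges(getuid(), geteuid(), getgid(), getegid(),
                              keep_requested))
        return 0;
    return drop_privileges();
}

int main(int argc, char **argv)
{
    bool keep = argc > 1 && strcmp(argv[1], "-p") == 0;

    if (shell_startup_check(keep) != 0) {
        fputs("cannot drop privileges, refusing to continue\n", stderr);
        return 1;
    }
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

The shell refuses to continue when the drop fails, since carrying on with elevated IDs is exactly the case the check exists to prevent.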