> > > > You want to allow shellscripts with special powers?!?!?
>
> > > I may want to _strip_ shellscripts of power.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
********************************************
> > Ok, that's legitimate. In such case , we'll have to modify shell to
> > understand something like --drop, so that beggining of shell would
> > look like
> >
> > #!/bin/bash --drop NET_BIND_SERVICE
>
> Great. Now the default shell is all-powerful.
Linus asked how do shellscripts _drop_ power. For shellscripts run
nightly from cron it is very good idea to drop some of their
capabilities. So no, I do not want default shell suid0.
But take a look at sperl, they obviously have suid0 interpretter, and
if you wanted possibility for setuid shell scripts, making setuid
version of bash (of course aware of situation - like sperl is) would
be the way.
Pavel
-- I'm really pavel@ucw.cz. Look at http://195.113.31.123/~pavel. Pavel Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/