It's not a Feature, It's a Vulnerability!

pmeunier writes "Apple's security stance is stunning. In the latest (10.3.9) update, Apple removed two capabilities because they pose security risks. One of them is the capability to run setuid and setguid scripts (the other was actually unused). Can other commercial OS vendors (how many are there :) adopt a similar stance? Will you be inconvenienced by the inability to run setuid scripts on MacOS X? Which other features/capabilities (in any OS) would you like to have removed?"

Re:Answers

[a11]

Informative? how about False!! The link mentions only one script exploit, and it's false. making a link called "-i" to a shell script does not start up an interactive shell. SUID scripts are no more a hole than any other program. bad code is bad code. this rumor is an ancient unix fairytail. take it from a real sysadmin.

Re:Are you out of your mind?

[a11]

again, ANCIENT fairytail. first, only in bourne. any posix shell will have things like buffer padding. and I'm sorry, how exactly are you going to exploit a buffer overflow in my -s shell script? Maybe if someone doen't know how to properly write a shell script. The fact that you refer to linux tells me that you don't deal with tier1 applications for large companies. linux is not even close to posix compliance and not nearly mature enough. In posix shells, there's a -s option - read up on what it does. all you people noting huge holes are yet to give a current, example where the script is not written in a bad way to allow the bug. I can have a suid c program to syscall argv. that doesn't mean suid should be banned. that means whoever wrote the bad code should be flipping burgers.