Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'only for scripts' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
only for scripts
Authored by: hayne on Apr 18, '05 11:01:18AM

The disabling of setuid capabilities is only for scripts - it is still supported for compiled executables. All SUID programs supplied with OS X are compiled executables and that is why they continue to work as before.

Historically, SUID shell scripts have been problematic due to the fact that their execution involves a runtime interpreter (the shell) and that there has been the possibility for a sufficiently skilled mal-doer to substitute some other instructions for the contents of the script before it starts execution. Even though all known ways for doing this have been prevented in OS X's underlying FreeBSD code, Apple has taken the more conservative and safer route of forbidding SUID scripts anyway. This is not a significant loss of functionality since anyone who is sufficiently competent to write a secure SUID script would likely also have the programming knowledge to implement the same thing in a compiled language.

[ Reply to This | # ]