magic numbers

[Henry Spencer]

Yup, #! in the kernel permits setuid shell scripts.  I'm not sure
that this is a virtue, considering that people seem to be unaware of
the simply appalling number of security holes this opens up.  If you
think about the consequences of feeding a setuid shell file a non-
standard value of the IFS variable, with some suitably-named programs
lying around ready and waiting, you will have some idea of the sort
of things I'm referring to.  Shell files simply are not in a good
position to handle things like this; the interpretation process for
them is too complex and there is too little control over it.

This does not mean that I'm opposed to #! in the kernel, just that
setuid shell scripts seem a very weak justification for it, given
that they are grossly unsafe.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,linus,decvax}!utzoo!henry