site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On 1 Jun 2007, at 08:18, Serge Cohen wrote: _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... Thanks for the information, it is now much clearer why we did not achieve anything using this route.... If the SUID shell scripts are deactivated, I guess it is for a proper reason, and I'd rather stay with that default settings. Is this overly cautious to keep them deactivated ? No, it's not overly cautious. If you have a root setuid shell script, it is almost trivially easy to get root access. I imagine you could, for instance, put a directory in your home directory in your path ahead of /bin and /usr/bin, put a copy of the shell in that directory but give it the same name as some common command that's in the setuid script and then execute the script. When the script hits that command, it will instead execute your renamed shell - as root. This email sent to site_archiver@lists.apple.com