ugh, Linux ignores setuid on shell scripts because people are bad at writing shell scripts. so now i have a bunch of elfs w/ system()
In this race window you can rm the [symlink/hardlink to the] script and replace it with a malicious one.
-
-
oh, thanks for that. well, it'll do for changing the brightness on my laptop. all the interesting info is under uid 1000 anyway
-
clearly i'm not going for top-notch security on this one
End of conversation
New conversation -
-
-
Setuid should just be banned (mount w/nosuid), instead use ssh to localhost w/ forced-command and no passphrase on key.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.