What I'm concerned about is things like spamd, a part of spamassassin. It runs as a user, then setuid's to the user running the client. This allows it to use a bunch of config files and db's as the user directly...

It sounds like it'll be dead if you add in 10.3.9. We'll have to see.

The difference between running normal SA & spamd is about 12 seconds vs 1.5 seconds per message. spamd's performance is even better, but that's just on a single message... (it gets better due to being able to handle multiple messages at once, vs a single message for SA)

Matthew

Matthew Barr
Managing Partner
Datalyte Consulting, LLC
Apple Authorized Reseller
mailto:mbarr at datalyte.com
cell: (646) 765-6878

On Apr 18, 2005, at 11:06 AM, Albert Lunde wrote:

>>> I'm not sure I understand this right. Is 10.3.9 disabling the
>>> SUID/SGID functionality?
>>
>> The statement is misleading. While Apple does not distribute SUID/SGID
>> "scripts" it does distribute SUID "programs" -- the most well known
>> being sudo.
>
> The reason for concern about setuid _scripts_ is that, under many
> versions of Unix, there is a race condition that makes setuid
> scripts insecure. (I think what it amounts to is that one
> can't be sure the script interpreter is running the same script as
> was there when the setuid bit was evaluated.)
>
> The classic workaround has been to write a setuid wrapper
> program, say in C, and have that run a non-setuid script.
>
> Some OS or script interpreter versions have tried to avoid the race
> condition, but it's easier to turn off the dangerous case than "fix"
> it.)
>
> (This was first an issue with shell scripts but it also can apply
> to things like perl.)
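The setuid wrapper workaround described in the quoted message above, sketched as an added example (not code from the thread or from Apple). The script path `/usr/local/libexec/maintenance.sh`, the use of `/bin/sh`, and the helper name `script_is_safe` are assumptions; the wrapper binary carries the setuid bit, the script does not, and the script's directory is assumed to be writable only by the owner.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat(), setreuid(), setregid() */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT "/usr/local/libexec/maintenance.sh"  /* hypothetical path */
#define SHELL  "/bin/sh"

/* Return 1 only for a regular file owned by `owner` that neither group
 * nor others can write. This catches a misconfigured install; keeping the
 * script from being swapped still depends on its directory permissions. */
int script_is_safe(const struct stat *st, uid_t owner)
{
    if (!S_ISREG(st->st_mode)) return 0;              /* symlink, dir, ... */
    if (st->st_uid != owner) return 0;                /* wrong owner */
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;  /* writable by non-owner */
    return 1;
}

int main(void)
{
    /* Fixed environment: nothing set by the caller (PATH, IFS, ENV) survives. */
    char *const envp[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
    /* Fixed argv: the caller cannot pass options or pick another script. */
    char *const argv[] = { "sh", SCRIPT, NULL };
    struct stat st;
    uid_t euid = geteuid();
    gid_t egid = getegid();

    /* lstat() so a symlink at SCRIPT is rejected rather than followed. */
    if (lstat(SCRIPT, &st) != 0 || !script_is_safe(&st, euid)) {
        fprintf(stderr, "wrapper: refusing to run %s\n", SCRIPT);
        return 1;
    }
    /* Make real ids equal effective ids (group first); some shells drop
     * privileges when the two differ. */
    if (setregid(egid, egid) != 0 || setreuid(euid, euid) != 0) {
        perror("wrapper: set ids");
        return 1;
    }
    execve(SHELL, argv, envp);   /* absolute path, no PATH search */
    perror("wrapper: execve");   /* reached only if execve failed */
    return 1;
}
```

Because the kernel evaluates the setuid bit on the compiled wrapper and the wrapper names the interpreter and script by fixed absolute paths, there is no window in which the caller can substitute a different script for the one the setuid bit was evaluated on.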