Originally Posted by normscherer
You need to think again about what a shell is. To the kernel it is just another program. Your second paragraph contradicts your first. As you note setuid scripts are bad but the kernel does not prohibit them. A reasonable security policy might prohibit them.
No, there is no contradiction. I said "shell script", not shell. I understand clearly that the shell is "just another program" (I've written one years ago). But a shell script is not "just another program".
The kernel traditionally treats a script differently than a binary executable. The kernel reads the file like any file, but must examine the first few "magic" bytes to determine the object format or locate the interpreter line. For scripts with an interpreter line, the kernel opens the given interpreter and does special plumbing to pass the script to the invoked interpreter.
Executable binaries and shell scripts are different.
See man execve(2)
SUID and SGID processes cannot be ptrace()d.
Linux ignores the SUID and SGID bits on scripts.