It not so much that it's "disabled", it's that a script is actually interpreted by a binary that isn't setuid. When executing a script, the OS executes the interpreter specified on the first line and assumes it can pass the entire command line as its arguments. The interpreter then opens and executes the script. For a script to actually be setuid, the interpreter would have to be setuid-root, it would have to know to check the flags and ownership of the script, change users to root, and lastly change users to those specified for the script file.
Kevin Barry
Last edited by ta0kira; 09-04-2009 at 12:19 PM.
|