On Mon, Jan 10, 2005 at 04:03:48PM -0800, Roland Besserer wrote:
> 
> Naturally, I'm aware of the inherent security issues [...]

Of course. I wasn't questioning that.

What I was musing about was that maybe Solaris is doing some
dirty tricks to make the suid script (somewhat more) secure.
One of the possible approaches seems to be to pass the already-open
file descriptor to the interpreter -- maybe the interpreter (guile
in this case) doesn't `see' the first couple-of-lines of the
file? Solaris forgetting to rewind the file? Don't know.

But maybe... after all you might be better off with a wrapper
setuid (sudo or something custom-built)?

Regards
-- tomás