Meanwhile I have learned a propos the issue of the assumed insecurity of setUID scripts that not only the absence of trust in the interpreter and its programmer is the reason for disallowing setUID scripts, but also there used to be such a reason as a possible race attack on the execution of "shebangs" -- http://unix.stackexchange.com/q/364/4319#2910 :

If setuid scripts are allowed with this implementation, an attacker can invoke an arbitrary script by creating a symbolic link to an existing setuid script, executing it, and arranging to change the link after the kernel has performed step 1 and before the interpreter gets around to opening its first argument. For this reason, most unices ignore the setuid bit when they detect a shebang.

Great to know!

(But as that explanation notes there have been invented safe mechanisms to achieve our goal here; so we still should hate modern Linux for this restriction, unlike *BSDs and Mac OS X, probably.)

(Reply to this)