Hi,

At Fri, 29 Aug 2003 08:56:42 +0900,
ahoward wrote:
>   setregid (pw_gid, pw_gid);
>   /* setgid (pw_gid); */
>   setfsgid (pw_gid);
> 
>   setreuid (pw_uid, pw_uid);
>   /* setuid (pw_uid); */
>   setfsuid (pw_uid);

These set both the real and effective IDs, so ruby cannot know
if it's invoked as setuid.

>   (ruby = getenv ("RUBY")) || (ruby = RUBY);

In general, one should be more careful about using environment
variables in a setuid program.

And this code performs no check on the given script itself.  I
can't help warning that it is very dangerous.

-- 
Nobu Nakada
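
The three points raised in the reply above, sketched as an added example that is not part of the original message or of the quoted wrapper: detect setuid invocation before the IDs are equalized, ignore the `RUBY` variable when privileged, and vet the script through its open descriptor. The `fixed_ruby` path and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed compile-time interpreter path (stands in for the wrapper's RUBY macro). */
static const char fixed_ruby[] = "/usr/bin/ruby";

/* True when real and effective IDs differ, i.e. started setuid/setgid.
 * Must run before setreuid()/setregid() make the IDs identical, because
 * afterwards neither the wrapper nor ruby can tell. */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Ignore the caller-controlled RUBY variable whenever extra privilege is
 * held; otherwise accept it only if it is an absolute path. */
const char *pick_interpreter(const char *env_ruby, int privileged)
{
    if (privileged || env_ruby == NULL || env_ruby[0] != '/')
        return fixed_ruby;
    return env_ruby;
}

/* Accept only a regular file owned by the expected uid that neither
 * group nor others can write. */
int script_is_trustworthy(const struct stat *st, uid_t owner)
{
    if (!S_ISREG(st->st_mode))
        return 0;
    if (st->st_uid != owner)
        return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Check the already-open descriptor rather than the path, so the file
 * that was checked is the file that gets run. */
int check_script_fd(int fd, uid_t owner)
{
    struct stat st;
    if (fd < 0 || fstat(fd, &st) != 0)
        return 0;
    return script_is_trustworthy(&st, owner);
}
```
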