http://qs321.pair.com?node_id=6467


in reply to How to determine the program path from a set-uid program

After looking around on a Solaris box for a bit, I've also come to the unfortunate conclusion that there isn't really anything you can do. There seems to be no trace of the actual command typed anywhere. ps reports the pid as running /usr/bin/perl -w /dev/fd/4, and the lack of a decent /proc system on Solaris is also a dead end. If you are forced to pick, the latter of the two choices above sounds like a safer bet... always better to not have to deal with taint-checking of any external variables in a program, especially an suid one.