My point "1" is only true on Debian and derivatives. bash does drop its privilege when setuid and called as sh without -p just like when not called as sh, but Debian's bash package has a patch that disables that dropping of privileges when called as sh.
correction on my previous comment:
My point "1" is only true on Debian and derivatives. bash does drop its privilege when setuid and called as sh without -p just like when not called as sh, but Debian's bash package has a patch that disables that dropping of privileges when called as sh.
https:/ /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 52586