Robert Watson wrote: > Let me give an example: because man is setuid to the man uid, the binary > must be owned by uid man. That is why it should be setgid to man, and not setuid. sgid has the same benefits in added privilegies for the user to read or write in special directories, but is less obvious how to elevate these privilegies to get more privilegies. In the case of man it should be close to impossible as all you get access to is the cache directories for preformatted man pages and I beleive most text pagers are quite safe when it comes to displaying text. In fact most programs found which is installed suid to some user is most of the time better installed as sgid to a isolated group for that programs needs, or not suid/sgid at all. -- Henrik Nordstrom
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:00 PDT