Isaac To wrote: > But yes, it is ugly. It might be better if any SGID program is also SUID > nobody, and re-acquire real user privilege only when required. But still, > it is ugly. That is not a viable approach unless the binary (and all other binaries owned by nobody) also is immutable. If the binary isn't immutable and someone finds a security breach in the program or one of the invoked sub-programs then they can easily replace the binary with a custom one, and if root (or another user) then runs this program in the beleif that it is the original one... -- Henrik Nordstrom
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:11 PDT