[Top] [All Lists]

Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.

2019-06-08 10:21:32
On Jun 8, 2019, at 7:52 AM, Ralph Corderoy <ralph@inputplus.co.uk> wrote:

Hi Bakul,

Privilege escalation should be done externally.

Regardless of whether it's a good idea, since the kernel is using
effective user and group IDs for testing permissions, if a user ID is
used to determine what files to access then it should be the effective
one rather than the real one.  Do you agree?

I haven't thought about this to be frank because IMHO privilege escalation
should be used very very sparingly.  My instinct would be to use euid/egid
*only* in programs that *are* to be used setuid/setgid. So that a misuse
will be caught more quickly. More as a general principle. Your checking
From/Subject for another user is not likely to be a common practice.


<Prev in Thread] Current Thread [Next in Thread>