Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.

nmh-workers

Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.

2019-06-08 10:21:32

On Jun 8, 2019, at 7:52 AM, Ralph Corderoy <ralph@inputplus.co.uk> wrote:


Hi Bakul,

Privilege escalation should be done externally.


Regardless of whether it's a good idea, since the kernel is using
effective user and group IDs for testing permissions, if a user ID is
used to determine what files to access then it should be the effective
one rather than the real one.  Do you agree?


I haven't thought about this to be frank because IMHO privilege escalation
should be used very very sparingly.  My instinct would be to use euid/egid
*only* in programs that *are* to be used setuid/setgid. So that a misuse
will be caught more quickly. More as a general principle. Your checking
From/Subject for another user is not likely to be a common practice.

-- 
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., (continued) Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah <= Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Valdis Klētnieks Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Robert Elz Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Valdis Klētnieks Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah

Previous by Date:	Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy
Next by Date:	Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Valdis Klētnieks
Previous by Thread:	Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy
Next by Thread:	Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy
Indexes:	[Date] [Thread] [Top] [All Lists]