On Jun 8, 2019, at 7:52 AM, Ralph Corderoy <firstname.lastname@example.org> wrote:
> > Privilege escalation should be done externally.
>
> Regardless of whether it's a good idea, since the kernel is using
> effective user and group IDs for testing permissions, if a user ID is
> used to determine what files to access then it should be the effective
> one rather than the real one. Do you agree?
I haven't thought about this to be frank because IMHO privilege escalation
should be used very, very sparingly. My instinct would be to use euid/egid
*only* in programs that *are* to be used setuid/setgid. So that a misuse
will be caught more quickly. More as a general principle. Your checking
From/Subject for another user is not likely to be a common practice.
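The point the two correspondents are circling, that the kernel judges a file permission check by the effective uid/gid, so a program that picks a per-user file should derive "the user" from geteuid() rather than getuid(), shown as an added C example. This is not code from either correspondent or from the software under discussion; governing_uid_for(), per_user_path() and the /var/spool/example/<uid> path layout are assumptions made up for the example, and refusing to run when the real and effective ids differ in a program that was never meant to be setuid is one way of making an accidental setuid install visible early, not a claim about what the mailer does.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Which identity decides whose files a program touches?
 *
 * The kernel tests permissions against the effective uid/gid, so a
 * program that selects a per-user file must derive "the user" from the
 * same ids the kernel will use when it open()s that file. In a setuid
 * binary started by uid 1000, getuid() == 1000 but geteuid() == the
 * binary's owner, and open() is judged as the effective user.
 */

/*
 * Pure decision function (hypothetical helper for this example) so it can
 * be exercised with constructed ids. Returns the uid whose files the
 * program should use, or (uid_t)-1 if the ids disagree in a program that
 * was never meant to be installed setuid: that mismatch is the misuse
 * worth catching early rather than silently working on the wrong files.
 */
uid_t governing_uid_for(uid_t ruid, uid_t euid, int meant_to_be_setuid)
{
    if (ruid != euid && !meant_to_be_setuid)
        return (uid_t)-1;   /* installed setuid by mistake: refuse */
    return euid;            /* the id the kernel checks open() against */
}

/* The same decision applied to the running process. */
uid_t governing_uid(int meant_to_be_setuid)
{
    return governing_uid_for(getuid(), geteuid(), meant_to_be_setuid);
}

/*
 * Test readability the way the kernel will judge it: by actually opening
 * the file, which is checked against the effective ids. Note that the
 * access() system call deliberately checks the *real* ids instead, so in
 * a setuid program it answers a different question from open().
 * Returns 1 if the file opens for reading as the effective user.
 */
int readable_as_effective_user(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/*
 * Build a per-user path from the governing uid. The layout is an
 * assumption for this example, not a real spool directory; the point is
 * only that the uid plugged in here is the effective one.
 * Returns 0 on success, -1 if the uid is invalid or the buffer is short.
 */
int per_user_path(uid_t uid, char *buf, size_t n)
{
    if (uid == (uid_t)-1)
        return -1;
    int len = snprintf(buf, n, "/var/spool/example/%lu", (unsigned long)uid);
    return (len > 0 && (size_t)len < n) ? 0 : -1;
}

/*
 * Self-check: a temporary file (constructed for the example) owned by this
 * process and chmod'ed 0400 is readable by its owner only, so the
 * effective-id check must say yes whether or not we are root.
 * Returns 1 on success, 0 on any failure.
 */
int demo_owner_only_file(void)
{
    char tmpl[] = "/tmp/euid-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 0;
    int ok = fchmod(fd, 0400) == 0 && readable_as_effective_user(tmpl);
    close(fd);
    unlink(tmpl);
    return ok;
}

int main(void)
{
    char path[64];
    uid_t u = governing_uid(/* meant_to_be_setuid = */ 0);

    printf("real=%lu effective=%lu governing=%lu\n",
           (unsigned long)getuid(), (unsigned long)geteuid(),
           (unsigned long)u);
    if (per_user_path(u, path, sizeof path) == 0)
        printf("would use %s\n", path);
    printf("owner-only temp file readable as effective user: %d\n",
           demo_owner_only_file());
    return 0;
}
```

Run as an ordinary, non-setuid binary the real and effective ids agree and governing_uid() is simply the caller's uid, which is why the choice only matters, and only shows up, in programs that are actually installed setuid or setgid.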