spf-discuss

Re: Starting spfd (FreeBSD)

2003-12-18 08:32:46
Hans Dieter Pearcey wrote:
> It would make a lot more sense to me to setuid/setgid whenever
> a user/group are given than to continue running as root in one case and
> not in the other.
>
> Also, then you don't have to fiddle with chown.

Alas, setuid (and maybe setgid) do not just "work" with my perl, which is from FreeBSD ports (perl-5.8.0). IIRC setuid capability is a compile-time choice, so many systems may not come with that enabled... I don't know. The other factor influencing the decision to not use setuid in the case of just a Unix socket was the decreased likelihood of network-based attacks. Maybe a good direction to take this is to have spfd do the setuid/setgid stuff, but warn (instead of die) on failure?

--
=> Mark Foster <mark(_at_)foster(_dot_)cc>     http://mark.foster.cc/
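
The setuid/setgid step discussed in this thread, as an added example that is not spfd's code and not part of either message: a Perl sketch that switches to a given user and group and treats any failure as fatal. The `drop_privileges` helper and the user/group names passed on the command line are hypothetical, and it assumes a perl whose POSIX module provides working `setuid`/`setgid` and that the script is started as root.

```perl
#!/usr/bin/perl
# Added example (not spfd source). Start as root: perl dropprivs.pl USER GROUP
use strict;
use warnings;
use POSIX ();
use English qw(-no_match_vars);

# Permanently switch to $user/$group; die rather than keep running as root.
sub drop_privileges {
    my ($user, $group) = @_;
    my $uid = getpwnam($user);    # scalar context returns the numeric uid
    my $gid = getgrnam($group);   # scalar context returns the numeric gid
    defined $uid or die "unknown user '$user'\n";
    defined $gid or die "unknown group '$group'\n";

    # Groups first: once the uid is no longer 0, group changes are refused.
    # Assigning "gid gid" to $EGID sets the effective gid and replaces the
    # supplementary group list with that single gid.
    $ERRNO = 0;
    $EGID  = "$gid $gid";
    die "setting groups to $gid failed: $ERRNO\n" if $ERRNO;
    POSIX::setgid($gid) or die "setgid($gid) failed: $ERRNO\n";
    POSIX::setuid($uid) or die "setuid($uid) failed: $ERRNO\n";

    # Verify the result instead of trusting the return values.
    my ($rgid) = split ' ', $GID;
    my ($egid, @supp) = split ' ', $EGID;
    die "gid not dropped\n" unless $rgid == $gid && $egid == $gid;
    die "extra groups remain: @supp\n" if grep { $_ != $gid } @supp;
    die "uid not dropped\n" unless $UID == $uid && $EUID == $uid;

    # A permanent drop means root cannot be regained.
    die "root can still be regained\n" if $uid != 0 && POSIX::setuid(0);
    return 1;
}

@ARGV == 2 or die "usage: $0 USER GROUP\n";
my ($user, $group) = @ARGV;

# Open the listening socket or create the socket file before this call,
# while the process still has the rights to do so.
drop_privileges($user, $group);
print "running as uid=$UID gid=", (split ' ', $GID)[0], "\n";
```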


