[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.
|
From: |
Bakul Shah |
|
Subject: |
Re: [nmh-workers] I Could Have Sworn that the inc Command used to work. |
|
Date: |
Sat, 8 Jun 2019 08:21:01 -0700 |
On Jun 8, 2019, at 7:52 AM, Ralph Corderoy <address@hidden> wrote:
>
> Hi Bakul,
>
>> Privilege escalation should be done externally.
>
> Regardless of whether it's a good idea, since the kernel is using
> effective user and group IDs for testing permissions, if a user ID is
> used to determine what files to access then it should be the effective
> one rather than the real one. Do you agree?
I haven't thought about this to be frank because IMHO privilege escalation
should be used very very sparingly. My instinct would be to use euid/egid
*only* in programs that *are* to be used setuid/setgid. So that a misuse
will be caught more quickly. More as a general principle. Your checking
From/Subject for another user is not likely to be a common practice.
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., (continued)
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/03
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/03
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/03
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.,
Bakul Shah <=
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/09
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Valdis Klētnieks, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/09
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/09
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/10
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Robert Elz, 2019/06/09
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Valdis Klētnieks, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/04