[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.
|
From: |
Ralph Corderoy |
|
Subject: |
Re: [nmh-workers] I Could Have Sworn that the inc Command used to work. |
|
Date: |
Sun, 09 Jun 2019 09:42:49 +0100 |
Hi Bakul,
> > Regardless of whether it's a good idea, since the kernel is using
> > effective user and group IDs for testing permissions, if a user ID
> > is used to determine what files to access then it should be the
> > effective one rather than the real one. Do you agree?
>
> I haven't thought about this to be frank because IMHO privilege
> escalation should be used very very sparingly. My instinct would be
> to use euid/egid *only* in programs that *are* to be used
> setuid/setgid. So that a misuse will be caught more quickly.
Using real-UID does the wrong thing and that *hopefully* shows up due to
nmh spotting the problem and the error rippling all the way up to the
eyeballs. But it might not and the problem needs to be spotted and then
hunted. Using effective-UID does the right thing AFAICS because now nmh
is matching the kernel's efforts.
--
Cheers, Ralph.
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., (continued)
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/03
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/03
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work.,
Ralph Corderoy <=
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Valdis Klētnieks, 2019/06/08
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/09
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/09
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ralph Corderoy, 2019/06/10
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Robert Elz, 2019/06/09
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Valdis Klētnieks, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Bakul Shah, 2019/06/04
- Re: [nmh-workers] I Could Have Sworn that the inc Command used to work., Ken Hornstein, 2019/06/04