Robert Watson wrote:
> Let me give an example: because man is setuid to the man uid, the binary
> must be owned by uid man.
That is why it should be setgid to man, and not setuid. sgid has the
same benefits in added privileges for the user to read or write in
special directories, but it is less obvious how to elevate these
privileges to get more privileges. In the case of man it should be
close to impossible, as all you get access to is the cache directories
for preformatted man pages, and I believe most text pagers are quite safe
when it comes to displaying text.

In fact, most programs found which are installed suid to some user are most
of the time better installed as sgid to an isolated group for that
program's needs, or not suid/sgid at all.
--
Henrik Nordstrom
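
An added example, not part of the original message or of any project discussed in the thread: a small audit that flags the two install patterns the argument above warns against, a binary setuid to a non-root user (which must be owned by that user) and a setgid binary that its group can write. The function names, labels and sample values are assumptions made for illustration.

```python
import os
import stat
import sys

def classify(mode, uid):
    """Label a file by its set-id bits (mode and uid as returned by lstat)."""
    if not stat.S_ISREG(mode):
        return "skip"
    suid = bool(mode & stat.S_ISUID)
    sgid = bool(mode & stat.S_ISGID)
    if suid and uid != 0:
        # The binary is owned by the uid it grants, and a file's owner can
        # always chmod and rewrite it: code running as that uid can replace it.
        return "suid-nonroot"
    if sgid and mode & stat.S_IWGRP:
        # Same problem one level down: holders of the gid can rewrite the binary.
        return "sgid-group-writable"
    if suid:
        return "suid-root"
    return "sgid" if sgid else "plain"

def audit(root):
    """Walk root and return sorted (path, label) pairs for the risky installs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            label = classify(st.st_mode, st.st_uid)
            if label in ("suid-nonroot", "sgid-group-writable"):
                findings.append((path, label))
    return sorted(findings)

# Constructed samples (not from a real system): (description, mode, owner uid)
SAMPLES = [
    ("man, setuid to uid 9", stat.S_IFREG | 0o4555, 9),
    ("man, root-owned, setgid man", stat.S_IFREG | 0o2555, 0),
    ("setgid but group-writable", stat.S_IFREG | 0o2575, 0),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, label in audit(sys.argv[1]):
            print(label, path)
    else:
        for desc, mode, uid in SAMPLES:
            print(f"{classify(mode, uid):20} {desc}")
```

Run with a directory argument to audit a tree, or with no argument to print the labels for the constructed samples.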