Follow-up Comment #4, bug #29755 (project gnustep):
> In most typical GNUstep setups gdomap is no longer needed,
> so we may just need a bit more documentation for distributions
> about when to install it at all
That's like saying the spell server and sound daemons are not needed (because
few people use them), and therefore should not be installed by most
distributions.
When to install would be *always* ... otherwise networked distributed objects
are broken.
The issue is whether a distribution should install the program setuid ... and
of course it is (and always has been) recommended that it's started at system
boot time (in which case the setuid flag is not needed).
We should perhaps change our install script to install without the setuid
flag, forcing the distributors to do that themselves if they want it.
> Otherwise the dropping of the privileges sounds like the best option.
Unfortunately that's not an easy option since not all systems actually allow
you to restore privileges once dropped, and you need to be privileged to open
the port to work on. I don't actually think that would improve security
significantly (or at all as long as access() works) now that the code uses
access() to check the files anyway.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?29755>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-gnustep mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-gnustep
