"Edward Z. Yang" <ezy...@mit.edu> wrote:
> There are many setuid binaries to non-root users, so getuid() != geteuid()
> would probably make more sense, though I'm not 100% it has all the correct
> security properties.

Might as well throw in getegid() != getgid() for good measure.

Another issue with this: in the next couple years it looks like Fedora and Ubuntu will both be going towards filesystem capabilities instead of suid. If access to +RTS is restricted for suid binaries, it should probably also be restricted for binaries with elevated capabilities.

-=rsw
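
The checks discussed in this thread, combined into one test, as an added example that is not part of the original messages and is not GHC's runtime code. It assumes Linux with glibc's getauxval(): the kernel sets AT_SECURE at exec for setuid, setgid and file-capability binaries, which covers the capabilities case. The names is_elevated, process_is_elevated and strip_rts_args are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/auxv.h>   /* getauxval, AT_SECURE (Linux, glibc >= 2.16) */

/* Pure decision: nonzero if the process holds more privilege than its invoker. */
int is_elevated(uid_t uid, uid_t euid, gid_t gid, gid_t egid, unsigned long at_secure)
{
    return uid != euid || gid != egid || at_secure != 0;
}

/* Same decision for the live process. AT_SECURE catches file capabilities,
   which leave uid == euid and gid == egid. */
int process_is_elevated(void)
{
    return is_elevated(getuid(), geteuid(), getgid(), getegid(),
                       getauxval(AT_SECURE));
}

/* Hypothetical filter: when elevated, drop every "+RTS ... -RTS" group from
   argv in place and return the new argc. "--RTS" is kept, with everything
   after it, so the runtime still treats the remainder as program arguments. */
int strip_rts_args(int argc, char **argv, int elevated)
{
    int out = 0, in_rts = 0;
    if (!elevated) return argc;
    for (int i = 0; i < argc; i++) {
        if (strcmp(argv[i], "--RTS") == 0) {
            while (i < argc) argv[out++] = argv[i++];   /* copy the rest verbatim */
            break;
        }
        if (strcmp(argv[i], "+RTS") == 0) { in_rts = 1; continue; }
        if (strcmp(argv[i], "-RTS") == 0) { in_rts = 0; continue; }
        if (!in_rts) argv[out++] = argv[i];
    }
    if (out < argc) argv[out] = NULL;   /* keep argv NULL-terminated */
    return out;
}

int main(int argc, char **argv)
{
    int elevated = process_is_elevated();
    argc = strip_rts_args(argc, argv, elevated);
    printf("elevated=%d, %d argument(s) kept\n", elevated, argc);
    return 0;
}
```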