Matthew Dillon wrote:
It is far less safe if you allow the user to exec a suid program. I really hate SUID binaries and would recommend against them. A mail front-end, for example, should connect to a service already running as root and NOT itself be a SUID binary.If I were to give advise here, it would be 'don't worry about the peformance cost of doing a fork()'.
Oh, sure. I just also wanted to avoid having to have a process running all the time. Right now every dma instance cares about itself and does all queueing, etc. Once it has done its job, it quits.
Running a setuid root binary or having root starting a setuid process doesn't make much of a difference, no?
cheers simon -- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
