On Mon, Nov 15, 2010 at 2:59 PM, Jan Safranek <[email protected]> wrote:
> As Fedora security guys pointed out in
> https://bugzilla.redhat.com/show_bug.cgi?id=646478, suid is bad. We use suid
> only to allow /bin/cgexec write access to /var/run/cgred.socket. So, let's add
> new harmless 'cgred' group, modify the daemon to allow this user write access to
> the socket and use sgid (to harmless 'cgred' group) on /bin/cgexec instead of
> suid (to root).
>
> I am not sure where all the bits belong, especially the later two patches could
> be Fedora specific, if you want.
>

Right, so I am a bit nervous with these patches. Have you tested them enough? I think they should go in v0.37, but I am not so sure myself. I will trust your judgement on this one.

Regarding 2 and 3, we have carried such patches in the past, and I don't think it is a big deal. At the very least, for any other distro it's a good template to base on.

Thanks!
Dhaval

_______________________________________________
Libcg-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libcg-devel
