On Thu, Nov 07, 2013 at 17:54, Peter J. Philipp wrote: > OK I'll stop abusing. Here is my reasoning for the setgid change. > Pretend there is a way to break into the binary by means of the socket, > then I thought it'd be neat if it was disallowed to write into groups > that a user was in at the moment this binary was executed. I think this > is paranoid enough.
If this were a concern, we'd need similar patches for ftp, nc, firefox, and every other socket using program in the system. And then similar patches for every image viewer. And text editor. And so on. In short, we are not out to protect users from themselves (at least, not in this way). If you don't want a program to have group privileges, that's your responsibility, not the responsiblity of every program.
