> Could you be more precise on this point? I mean: if I correctly
> understand, you said that this can induce unwanted behavior due to the
> fact that, for example, firefox supposes it has the uid and gid of the
> user who launched it (and not a different egid)?
>
> If I'm right, can this really matter if the egid is the one of a
> group that only owns one (executable) file in the whole system with only
> read and execute permission on it?
You seem to be equating the setgid bit with the concept of "start a process with a different gid". No, that's not what it does. The setgid bit starts a new executable with a disjoint mix of effective, saved, and real gid list, as well as a gidlist. And that may have consequences. Maybe you think you can control all of the details and control the consequences; in that case you wouldn't be asking. You are asking about doing this for a gigantic program like firefox. That approach is crazy, and doesn't match what pf is doing in any case.
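To make the reply's point concrete, here is an added example (my own code, not from the thread or from any OpenBSD source) that shows exactly which group identities a process carries after a setgid exec. The real gid stays the launching user's, the effective and saved gids become the file's group, and the supplementary group list is inherited untouched. It also shows the only correct way to give the privilege back: set all three gids and verify afterwards. The MAX_GROUPS bound and the function names are my assumptions; the program compiles on Linux (glibc needs _GNU_SOURCE for getresgid/setresgid) and OpenBSD. Run it once plain, then again after `chgrp somegroup ./a.out; chmod g+s ./a.out`, and compare the output.

```c
#define _GNU_SOURCE  /* glibc: expose getresgid()/setresgid(); OpenBSD has them by default */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Explicit prototypes so the build does not depend on feature-macro order. */
int getresgid(gid_t *, gid_t *, gid_t *);
int setresgid(gid_t, gid_t, gid_t);

/* Assumed upper bound on supplementary groups for this demo. */
#define MAX_GROUPS 64

/* Snapshot of every group identity a process carries after exec. */
struct gid_view {
    gid_t real;        /* gid of whoever launched the program; setgid exec does not change it */
    gid_t effective;   /* the file's group when the setgid bit is set */
    gid_t saved;       /* copy of the effective gid taken at exec time */
    int   ngroups;     /* supplementary list: inherited from the parent, not touched by setgid exec */
    gid_t groups[MAX_GROUPS];
};

/* Fill v from the kernel. Returns 0 on success, -1 on failure. */
int snapshot_gids(struct gid_view *v)
{
    if (getresgid(&v->real, &v->effective, &v->saved) != 0)
        return -1;
    int n = getgroups(0, NULL);          /* ask for the count first */
    if (n < 0 || n > MAX_GROUPS)
        return -1;
    v->ngroups = getgroups(MAX_GROUPS, v->groups);
    return v->ngroups < 0 ? -1 : 0;
}

/* 1 if the process runs with an effective or saved gid that differs from the
 * real gid (a setgid exec took effect), 0 if not, -1 if the query failed. */
int setgid_in_effect(void)
{
    struct gid_view v;
    if (snapshot_gids(&v) != 0)
        return -1;
    return (v.effective != v.real || v.saved != v.real) ? 1 : 0;
}

/* Irrevocably give up the setgid privilege: set real, effective AND saved gid
 * to the real gid (leaving the saved gid behind would let the program get the
 * file's group back with setegid()), then re-read and verify, because a
 * failed or partial setresgid() must not be silently ignored.
 * Returns 0 only if the process now carries nothing but its real gid. */
int drop_setgid(void)
{
    struct gid_view before, after;
    if (snapshot_gids(&before) != 0)
        return -1;
    if (setresgid(before.real, before.real, before.real) != 0)
        return -1;
    if (snapshot_gids(&after) != 0)
        return -1;
    if (after.real != before.real || after.effective != before.real ||
        after.saved != before.real)
        return -1;
    return 0;
}

int main(void)
{
    struct gid_view v;
    if (snapshot_gids(&v) != 0) {
        perror("snapshot_gids");
        return 1;
    }
    printf("real=%u effective=%u saved=%u setgid_in_effect=%d\n",
           (unsigned)v.real, (unsigned)v.effective, (unsigned)v.saved,
           setgid_in_effect());
    printf("supplementary groups (%d):", v.ngroups);
    for (int i = 0; i < v.ngroups; i++)
        printf(" %u", (unsigned)v.groups[i]);
    printf("\n");
    if (setgid_in_effect() == 1 && drop_setgid() == 0)
        puts("dropped the setgid group; now running with the real gid only");
    return 0;
}
```

The thing to notice when the binary is setgid is that the supplementary list printed on the second line is identical to the plain run: the kernel grants the file's group on top of everything the user already had, and every library the program loads sees that mixed identity until something calls setresgid() as above.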

