On Mon, 2005-12-05 at 07:11 -0500, Robert Story wrote: > My main concern is that configuration files that are > owned/writable by a non root-user degrades the security > of the system by effectively giving everyone with write > access to the files root access.
Does it? How? (Hmmm... - perhaps you better not answer that question in detail here on a public mailing list!) The other question that springs to mind is how portable "drop-then-raise" access is. Certainly when I first came across this idea, you had to be very careful to finish any privileged operations before switching UID, as it was impossible to get root access back again. That doesn't seem to be universally true any more, but I do wonder how widespread POSIX_SAVED_IDS is. > I think Wes, security conscious as he is, will agree > with me here. If not, I'll happily concede the point. I'd certainly like to hear Wes' thoughts on this. Dave ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
