On Mon, 05 Dec 2005 12:32:13 +0000 Dave wrote: DS> On Mon, 2005-12-05 at 07:11 -0500, Robert Story wrote: DS> > My main concern is that configuration files that are DS> > owned/writable by a non root-user degrades the security DS> > of the system by effectively giving everyone with write DS> > access to the files root access. DS> DS> Does it? How?
I didn't say it did, I said it was my main concern. DS> The other question that springs to mind is how portable DS> "drop-then-raise" access is. Certainly when I first DS> came across this idea, you had to be very careful to DS> finish any privileged operations before switching UID, DS> as it was impossible to get root access back again. Yes, this is something we'd have to investigate. The other possibility would be to fork off a process before switching the gui, and delegating tasks that need root access to the child process. -- Robert Story; NET-SNMP Junkie Support: <http://www.net-snmp.org/> <irc://irc.freenode.net/#net-snmp> Archive: <http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-coders> You are lost in a twisty maze of little standards, all different. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
