On Jun 8, 2019, at 7:52 AM, Ralph Corderoy <[email protected]> wrote: > > Hi Bakul, > >> Privilege escalation should be done externally. > > Regardless of whether it's a good idea, since the kernel is using > effective user and group IDs for testing permissions, if a user ID is > used to determine what files to access then it should be the effective > one rather than the real one. Do you agree?
I haven't thought about this to be frank because IMHO privilege escalation should be used very very sparingly. My instinct would be to use euid/egid *only* in programs that *are* to be used setuid/setgid. So that a misuse will be caught more quickly. More as a general principle. Your checking From/Subject for another user is not likely to be a common practice. -- nmh-workers https://lists.nongnu.org/mailman/listinfo/nmh-workers
