John Plocher wrote:
> What is the basic use case for this priv?

I assumed it was to let setuid programs have one more thing they could give up, to reduce the number of things an exploit could do if you did find a security hole in them that allowed running arbitrary code, like most of the rest of the "basic" privileges.

> On Wed, Dec 23, 2009 at 2:34 PM, Alan Coopersmith
> <Alan.Coopersmith at sun.com> wrote:
>> How would this be any different than if they tried removing other basic
>> privileges, like the ability to fork() or exec(), from apps that really
>> needed it? If customers break their system, it's broken.
>
> I think the difference is that for those, the set of system middleware
> we provide doesn't silently rely on them for proper operation;

Just various non-obvious functions in libc(). (Do you think most programmers realize wordexp(), pututxline() or grantpt() call fork+exec?)

--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering