On 22/08/13 19:59, Tavis Ormandy wrote:
Hello, this is a patch to add privmode support to dash. privmode attempts to
drop privileges by default if the effective uid does not match the uid. This
can be disabled with -p, or -o nopriv.
Hi Tavis,
Your approach definitely has my support (FWTW),
On Thu, Aug 22, 2013 at 1:35 PM, Jilles Tjoelker jil...@stack.nl wrote:
I think there is no reason to deviate from other shells here. Therefore,
please call it privileged.
Agreed.
In bash and FBSD, after starting with -p, set +p can be used to drop
privileges. With your patch, dash accepts
On Thu, Aug 22, 2013 at 09:59:36PM +0200, Harald van Dijk wrote:
On 22/08/13 19:59, Tavis Ormandy wrote:
Hello, this is a patch to add privmode support to dash. privmode attempts to
drop privileges by default if the effective uid does not match the uid. This
can be disabled with -p, or -o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/22/2013 11:59 AM, Tavis Ormandy wrote:
Here is a related blog post on the topic
http://blog.cmpxchg8b.com/2013/08/security-debianisms.html
If you care about tracking vulnerabilities, the vmware issue is
called CVE-2013-1662.
Do we need