On Sat, 17 Oct 2015, D. Hugh Redelmeier wrote:
New commits:
commit 7157c4b1ebab0698a026e5d667ec443a12083436
Author: D. Hugh Redelmeier <[email protected]>
Date: Sat Oct 17 01:12:31 2015 -0400
whack: be more careful dropping privilege
- spell better
- detect and report error
I'm not convinced that this is actually correct logic.
There is no explanation of when it is needed.
Is the whack executable file ever setgid or setuid?
Note that your commit talks about whackinit.c and not whack.c
The original goal of whackinit.c was to have a "limited whack"
command that was setuid/setgid that would allow a non-root
user a limited set of operations. For example to run whack --status
or whack --initiate but not whack --add.
We currently don't use or compile whackinit.c
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
