Roland McGrath <[EMAIL PROTECTED]> writes:

> The only drawback I see is in the case when svuid!=euid or svgid!=egid, and
> you are executing an sugid file. The user will reauthenticate everything
> for the svuid=euid, svgid=egid change and then the filesystem will
> reauthenticate everything again to do the suid/sgid. So, a sugid program
> that execs another sugid program directly without an intervening exec of a
> non-suid program--a pretty rare event, I would guess.

I'm happy to gunk up setuid execs with however many extra RPCs as long
as normal execs can remain speedy.

> > But there might be a security reason why we have to force the change
> > to be made. But I can't possibly see what that would be.
>
> I don't think any concept of security is sensical for non-sugid execs with
> EXEC_SECURE. The user who made the call will always be able to grab the
> process by its scrawny little task port and diddle its ports out the wazoo.

Exactly my thinking.

_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-hurd