>Another one - is it a problem that our login does not setsid? >Wouldn't it make it susceptible to attacks from processes >in its process group or session? Those processes >are "untrusted" since potentially they are run by non-root.
We have noticed no problems, but are not Unix experts. My own experience predates setsid(), anyway! (SVR2 and its workalike, Dnix.) I would guess that following the lead of big-brother login would be a fairly safe choice at this point. Our own deployed environment won't even allow root logins, nor any other account than the special ones we create, except in special debugging builds. You normally never get a regular shell, only our custom app. So I guess that we aren't too worried about this point. Not right now, anyway. -- vda _______________________________________________ busybox mailing list [email protected] http://busybox.net/cgi-bin/mailman/listinfo/busybox
