Hi Bakul,

> > Regardless of whether it's a good idea, since the kernel is using
> > effective user and group IDs for testing permissions, if a user ID
> > is used to determine what files to access then it should be the
> > effective one rather than the real one.  Do you agree?
>
> I haven't thought about this to be frank because IMHO privilege
> escalation should be used very very sparingly.  My instinct would be
> to use euid/egid *only* in programs that *are* to be used
> setuid/setgid. So that a misuse will be caught more quickly.

Using real-UID does the wrong thing and that *hopefully* shows up due to
nmh spotting the problem and the error rippling all the way up to the
eyeballs.  But it might not and the problem needs to be spotted and then
hunted.  Using effective-UID does the right thing AFAICS because now nmh
is matching the kernel's efforts.

-- 
Cheers, Ralph.

-- 
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
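
The real-versus-effective distinction discussed in this message, as an added example (not part of the original post and not nmh code). It assumes the UID selects files through a passwd home-directory lookup; the function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* faccessat(), AT_EACCESS */
#endif
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed lookup: copy the passwd home directory of uid into buf.
 * Returns 0 on success, -1 if there is no entry or buf is too small. */
int home_for_uid(uid_t uid, char *buf, size_t len)
{
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL || pw->pw_dir == NULL || strlen(pw->pw_dir) >= len)
        return -1;
    strcpy(buf, pw->pw_dir);
    return 0;
}

/* access(2) checks with the real IDs; open(2) is checked by the kernel
 * with the effective IDs, which AT_EACCESS makes the pre-check use too. */
int readable_by_real(const char *path)
{
    return access(path, R_OK) == 0;
}

int readable_by_effective(const char *path)
{
    return faccessat(AT_FDCWD, path, R_OK, AT_EACCESS) == 0;
}

/* 1 if real and effective UID select different home directories,
 * 0 if they select the same one, -1 if a passwd lookup failed. */
int lookups_disagree(void)
{
    char real_home[4096], eff_home[4096];
    if (home_for_uid(getuid(), real_home, sizeof real_home) != 0 ||
        home_for_uid(geteuid(), eff_home, sizeof eff_home) != 0)
        return -1;
    return strcmp(real_home, eff_home) != 0;
}

int main(void)
{
    printf("ruid=%ld euid=%ld disagree=%d real=%d eff=%d\n", (long)getuid(),
           (long)geteuid(), lookups_disagree(), readable_by_real("/"), readable_by_effective("/"));
    return 0;
}
```

Run normally, the two IDs are equal and every check agrees; the results can differ only when the binary is installed setuid or setgid.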
