On Thursday, July 15, 2004 13:37:21 +0100 David Howells <[EMAIL PROTECTED]> wrote:
Yes. The problem is how do you distinguish between a SUID binary that needs your keys, and one that shouldn't be given them?
You don't. If you don't trust a program to do things as you, don't run it. SUID executables are a way of giving a program _elevated_ privilege, not reducing its privileges below those held by the user.
The is analoguous to the way local filesystem credentials are handled. If you run a SUID program, it can switch to your UID and do anything as you.
_______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
