Kip Rugger wrote:
>
> Chris McDonough <[EMAIL PROTECTED]> wrote:
> >Aplogies for the ignorance, but can you maybe explain the concept
> >of supplemental group ids and give an example of how the current unpatched
> >behavior could be subverted?
>
> I can try...
>
> Supplemental gids are useful for allowing a user to belong to more
> than one group, or maybe to more than one project in normal parlance.
> This is normally effected by listing the uid opposite more than one
> group in /etc/group. The login process issues the initgroups(3) call
> to install these supplemental groups, which are inherited by all
> processes forked from the login shell.
> The problem is comes when you change user ids; for example what I
> saw with Zope (start -u nobody) was:
>
> before change after change
> ============= ============
> user id root nobody
> group id root nobody
> sup id(s) root root
Would you mind describing how you determine this?
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
