> >Wouldn't using setuid() suffice?
> 
> I doubt that. At least change the gid and reset the auxiliary

Sure, make that setuid() and setgid().

> groups vector. But using setres[ug]id() is safer, especially
> considering each instance shells out to cpp(1), which would
> then otherwise be suid-user.

Could you elaborate why? I cannot see much of a difference in these when it
comes to the topic at hand. Doesn't set[ug]id set all ids to the given one? Why
is that less safe? 

Thanks,
Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De
Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
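
The drop sequence this thread is discussing (supplementary groups, then gid, then uid via setres[ug]id()), as an added example that is not part of the original message or the project's code. `drop_privileges` and `ids_match` are hypothetical names, and Linux with glibc is assumed.

```c
#define _GNU_SOURCE           /* setresuid/getresuid on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Redeclared in case _GNU_SOURCE was defined too late to expose them. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);

/* Returns 1 only if real, effective and saved ids all equal the target. */
int ids_match(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Hypothetical helper: permanently become uid/gid. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Groups first: after the uid changes we may no longer be allowed to.
       setgroups() needs root, so a non-root caller keeps its group list. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* Check the result instead of trusting the return codes alone. */
    if (!ids_match(uid, gid))
        return -1;
    /* A permanent drop must not be reversible. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids we already have. */
    int rc = drop_privileges(getuid(), getgid());
    printf("drop_privileges: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```

Any child started afterwards, such as the cpp(1) instance mentioned above, inherits the dropped ids, so the drop has to be complete before the fork/exec.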
