On Sun, 7 Apr 2002, [ISO-8859-2] Paweł Jakub Dawidek wrote: > Hey. > > What do You think about this patch? > This can help non-root applications like apache etc. > For example when I got access to many files from many groups when attacker > will exploit this application he got access to all files, coz there is no > way to setgroups() if I am non-root and maybe only demon needs access to all > files - child needs only access to files owned by one group.
This breaks the (rare) case of using group membership for negative access control. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 [EMAIL PROTECTED] perl -e 's?ck?t??print:perl==pants if $_="Just Another Perl Hacker\n"' To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
