A check that would be desirable for expireover, etc.
Alex Kiernan
alexk at demon.net
Wed Apr 3 09:24:51 UTC 2002
Russ Allbery <rra at stanford.edu> writes:
> Jeffrey M Vinocur <jeff at litech.org> writes:
> > On Sat, 30 Mar 2002, figmentality wrote:
>
> >> Would a setgid-news flag on makehistory take care of it?
>
> Not for folks who use --with-umask=022, like I do.
>
> > Hmmm. Not bad at all. The tools we're concerned with (the ones that
> > change things; not, for example, grephistory) are mode 550 to begin
> > with, so there shouldn't be any security concerns.
>
> There aren't all that many of them; I think we could just put in a quick
> test of geteuid() at the beginning and exit if they're running as root. I
> think we only need to worry about expire, expireover, makehistory, and
> makedbz at a first pass. Most of the rest either don't create files or
> don't create files that need to be written later or that are too hard to
> fix (like innxmit or innfeed). innd and nnrpd already have code to deal
> with being run as root.
>
Sounds like a good idea to me.
--
Alex Kiernan, Principal Engineer, Development, Thus PLC
More information about the inn-workers
mailing list