A check that would be desirable for expireover, etc.

Alex Kiernan alexk at demon.net
Wed Apr 3 09:24:51 UTC 2002

Russ Allbery <rra at stanford.edu> writes:

> Jeffrey M Vinocur <jeff at litech.org> writes:
> > On Sat, 30 Mar 2002, figmentality wrote:
> >> Would a setgid-news flag on makehistory take care of it?
> Not for folks who use --with-umask=022, like I do.
> > Hmmm.  Not bad at all.  The tools we're concerned with (the ones that
> > change things; not, for example, grephistory) are mode 550 to begin
> > with, so there shouldn't be any security concerns.
> There aren't all that many of them; I think we could just put in a quick
> test of geteuid() at the beginning and exit if they're running as root.  I
> think we only need to worry about expire, expireover, makehistory, and
> makedbz at a first pass.  Most of the rest either don't create files or
> don't create files that need to be written later or that are too hard to
> fix (like innxmit or innfeed).  innd and nnrpd already have code to deal
> with being run as root.

Sounds like a good idea to me.

Alex Kiernan, Principal Engineer, Development, Thus PLC

More information about the inn-workers mailing list