A check that would be desirable for expireover, etc.
Jeffrey M. Vinocur
jeff at litech.org
Sun Mar 31 03:32:15 UTC 2002
On Sat, 30 Mar 2002, figmentality wrote:
> Jeffrey M. Vinocur writes:
>
> Actually, that's not always true -- it's a common newbie mistake to do
> something like the initial makedbz as root, realize the mistake, and chown
> the entire tree to news, including the binaries which need to be SUID.
> So this is a potentially good idea.
> I'm not sure how best to do it, though.
>
> Would a setgid-news flag on makehistory take care of it?
Hmmm. Not bad at all. The tools we're concerned with (the ones that
change things; not, for example, grephistory) are mode 550 to begin with,
so there shouldn't be any security concerns.
There are some Perl and shell scripts, but at quick glance most of them at
least don't concern us here, luckily.
> Please note i've only put a modicum of thought into this idea...
Likewise. Seems promising, though.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list