Roland McGrath <[EMAIL PROTECTED]> writes:
> > It has occurred to me: should suid binaries on a user mounted file system
> > be run as the owner of the filesystem?
>
> Yes, probably. Moreover, what it means to get the auth port for running a
> setuid binary should be the very same thing it means to get the auth port
> for running a translator.

No; they should default to nobody if they can't get the assigned IDs.
What should really happen... see below

> I think the reasonable thing to do is something like, try an auth_makeauth
> literally as requested; if that fails, try replacing the ids with the
> filesystem process's or underlying node's ids.

I think this is bad; it assumes that "setuid" means "get as many privs
as possible".

What should happen, of course, is the long-awaited "intersection"
models of getauth, where setuid on a non-root filesystem gives you an
auth port that represents the logical intersection of the two sets of
permissions.