Roland McGrath <[EMAIL PROTECTED]> writes:
> > More exactly, you mean before calling proc_setowner.
>
> Yes.
>
> > We should be more careful here.
>
> How?
As I described below. :)
> > For all we know, we have big giant hairy port leaks in the startup code
> > for the Hurd, and every proces
Roland McGrath <[EMAIL PROTECTED]> writes:
> So login only needs to be setuid if you aren't using the password server,
> in theory. The things that are failing are proc_setowner and chown called
> before the exec. Those are using the old proc and auth state rather than
> the state that is being
> You mean auth_makeauth inside ugids_verify_make_auth, right?
Sure.
> Without being root, login makes ids of new user.
Oh, yeah. I never really paid attention to the password server.
So login only needs to be setuid if you aren't using the password server,
in theory. The things that are fail
