On 10/02/2014 07:32 PM, Steven J. Long wrote:
> On Tue, Sep 30, 2014 at 07:52:02AM -0700, Zac Medico wrote:
>> On 09/29/2014 04:31 PM, Steven J. Long wrote:
>>> On Mon, Sep 29, 2014, Zac Medico wrote:
On 09/28/2014, Steven J. Long wrote:
> On Wed, Sep 24, 2014, Zac Medico wrote:
>> 1)
Peter Stuge wrote:
> Steven J. Long wrote:
> > > It's a lot more secure to have a single well-defined privileged trust
> > > anchor (the privileged process) with a well-defined protocol, than to
> > > have built-in privilege escalation which allows arbitrary actions.
> >
> > the whole point is to
Steven J. Long wrote:
> On Tue, Sep 30, 2014 at 07:52:02AM -0700, Zac Medico wrote:
> > The IPC implementation that I've suggested does not involve an SUID
> > helper, so it is much more secure. Security would rely on the permission
> > bits of the named pipes that are used to implement IPC.
..
> I
On Tue, Sep 30, 2014 at 07:52:02AM -0700, Zac Medico wrote:
> On 09/29/2014 04:31 PM, Steven J. Long wrote:
> > On Mon, Sep 29, 2014, Zac Medico wrote:
> >> On 09/28/2014, Steven J. Long wrote:
> >>> On Wed, Sep 24, 2014, Zac Medico wrote:
> 1) When esudo is called, it saves the current (unpri
On 07/09/2014 07:17 AM, Michał Górny wrote:
>>> c) 'esudo' helper [3]. This is a more generic form of (2), with
>>> support for other potential privilege changes.
>>
>>> [...]
>>
>>> Disadvantages:
>>
>>> - hard to implement -- especially if we want to make it capable of
>>> running bash function
On 2014-07-08, at 16:17:02
Ulrich Mueller wrote:
> > On Tue, 8 Jul 2014, Michał Górny wrote:
>
> > b) SUPPLEMENTARY_GROUPS support [2]. The idea is to use setgroups()
> > to transparently enable group membership for the build process.
>
> > Advantages:
>
> > - transparent, rela
> On Tue, 8 Jul 2014, Michał Górny wrote:
> a) explicitly requesting user to alter group membership for the
> build user. This is already done in some of the CUDA ebuilds.
> [...]
This doesn't work out of the box for users, therefore it is not really
a solution.
> b) SUPPLEMENTARY_GROUPS su