Re: [PATCH] implement privmode support in dash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Aug 22, 2013 at 12:59 PM, Harald van Dijk <harald@xxxxxxxxxxx> wrote:
> On 22/08/13 19:59, Tavis Ormandy wrote:
>> Hello, this is a patch to add privmode support to dash. privmode attempts to
>> drop privileges by default if the effective uid does not match the uid. This
>> can be disabled with -p, or -o nopriv.
>
> Hi Tavis,
>
> Your approach definitely has my support (FWTW), but there are two
> aspects that surprised me, and are different from bash and FreeBSD's sh:
>
> You named the option nopriv, while bash and FBSD use the name
> privileged. I think it is likely to confuse people if "bash -o
> privileged" and "dash -o nopriv" do the same thing, and that it would be
> better to match bash and give the option a positive name, such as
> "priv", or perhaps even match them exactly and use "privileged".
>
> In bash and FBSD, after starting with -p, set +p can be used to drop
> privileges. With your patch, dash accepts set +p, but silently ignores it.
>
> How does something like the attached, to be applied on top of your
> patch, look?

Thanks Harald, those changes make sense to me.

Tavis.
--
To unsubscribe from this list: send the line "unsubscribe dash" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux