On Mon, 2004-08-16 at 14:33, Bill McCarty wrote: > It does seem reasonable to avoid domain transitions whereby someone could > gain permissions. But, Cron isn't all powerful and so I must allow one or > more domain transitions that selectively add permissions. Otherwise, I'd > have to extend Cron itself an unacceptably extensive range of permissions. True. A better statement would be "domain transitions on scripts should only be done when the caller is trusted not to abuse them." -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
