On Thu, Jun 13, 2002 at 06:08:17PM -0700, Nathan Carl Summers wrote: > > In any case, if a plugin needs to be setuid, then it had better be > > written by somewhat security-conscious people (or you've got a whole > > larger set of problems...), so fixing a shared memory ownership issue > > on that end is going to be a breeze. > > Never assume that just because someone makes something setuid they know > what they are doing. (also don't assume it's always setuid root). > Maybe I should just post directly from my @openbsd.org address. My comment was somewhat tongue-in-cheek. OF COURSE, quite a few people write Unix programs not knowing what they're doing. And sadly, quite a few people write setuid stuff not knowing what they are doing, at all. If this shm issue comes from some programmer `needing it' for some setuid plugin of his, it is very obvious (and sad) that programmer doesn't know enough about Unix programming to be writing setuid programs...
