Re: [PATCH] Drop root privileges (if we have them)


 



Please see the comments inline.

----- Original Message ----- 
From: "Chris Rankin" <rankincj@yahoo.com>
Sent: Wednesday, September 17, 2003 10:00 AM
Subject: Re:  [PATCH] Drop root privileges (if we have them)


> > I think we can use PWLib PProcess::SetUserName() and
> > PProcess::SetGroupName().
> I will need to check that they "Do The Right Thing"
> first. This is supposed to be a security feature,
> after all.

These do basically the same things as your code, plus a few more checks.
 

> > Also, both uid and gid should be configurable.
> The group is already configurable, via the OS. I don't
> think that it's a good idea to allow the operator to
> specify a group to which the chosen user does not
> belong. At the moment, it reads the group ID that has
> been preassigned to the user ID.

Hmm, what if the user belongs to more than one group?

 
> consult the config file here at all. And since the
> "run as user" -u option is OS-related rather than
> GateKeeper-functionality-related (rather like the -o
> and --pid options), I'm not sure that it belongs in
> the config file any more than -o and --pid do.

Agree. No config settings.
 

> Why would anyone need the '#uid' mode, when a user

Because SetUserName/GetUserName have this syntax already built in.


> > Also I would rather skip test for IsPrivilegedUser()
> > - is it necessary?
> Yes, because only a privileged user can drop
> privileges in the first place.

Is the uid of a privileged user always 0? What about users
belonging to some admin or root group?

Regards:
---
Zygmuntowicz Michal


_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
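
A plain POSIX C sketch of the privilege drop discussed in this thread, added here as an illustration; it is not the patch under review, GnuGK code, or PWLib's SetUserName(). The names drop_privileges and parse_uid_spec are hypothetical, and the sketch assumes "privileged" means effective uid 0. It accepts a login name or the '#uid' form, loads all of the user's groups with initgroups() before changing uid, and checks that root cannot be regained.

```c
#define _DEFAULT_SOURCE 1              /* glibc: expose initgroups() */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_BAD_SPEC, DROP_NO_SUCH_USER, DROP_NOT_PRIVILEGED, DROP_FAILED };

/* Parse "#<decimal uid>"; returns 1 on success, 0 if malformed. */
int parse_uid_spec(const char *spec, uid_t *uid)
{
    char *end;
    unsigned long v;
    if (spec == NULL || spec[0] != '#' || spec[1] < '0' || spec[1] > '9')
        return 0;                      /* no sign, no whitespace, no empty number */
    errno = 0;
    v = strtoul(spec + 1, &end, 10);
    if (errno != 0 || *end != '\0' || (unsigned long)(uid_t)v != v)
        return 0;                      /* trailing junk or out of range */
    *uid = (uid_t)v;
    return 1;
}

/* Hypothetical helper: spec is a login name or "#uid". */
enum drop_result drop_privileges(const char *spec)
{
    const struct passwd *pw;
    uid_t uid;
    gid_t gid;
    if (spec == NULL || *spec == '\0')
        return DROP_BAD_SPEC;
    if (spec[0] != '#')
        pw = getpwnam(spec);
    else if (parse_uid_spec(spec, &uid))
        pw = getpwuid(uid);
    else
        return DROP_BAD_SPEC;
    if (pw == NULL)
        return DROP_NO_SUCH_USER;
    if (geteuid() != 0)                /* assumption: "privileged" means euid 0 */
        return DROP_NOT_PRIVILEGED;
    uid = pw->pw_uid;
    gid = pw->pw_gid;
    /* Groups first: once the uid is dropped we can no longer change them. */
    if (initgroups(pw->pw_name, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;
    /* The drop must be irreversible: regaining root has to fail. */
    return (uid != 0 && setuid(0) == 0) ? DROP_FAILED : DROP_OK;
}
```
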
