--- Zygmuntowicz Michal <m.zygmuntowicz@onet.pl>
wrote:
> Hmm, if the user belongs to more than one group?
This is supposed to be a security feature. For
example, I have created an explicit GateKeeper user
who is the sole member of an explicit GateKeeper
group, and of no other group. If the GateKeeper is
cracked then the cracker gets no local privileges.
Belonging to large numbers of groups would seem to be
a Bad Thing.
> > Why would anyone need the '#uid' mode, when a user
>
> Because SetUserName/GetUserName have this syntax
> already built in.
Oh gross. But I guess my point is moot, then.
> > > Also I would rather skip test for
> IsPrivilegedUser()
> > > - is it necessary?
> > Yes, because only a privileged user can drop
> > privileges in the first place.
>
> Is the uid of a privileged user alwas 0? What about
> users belonging to some admin or root group?
Interesting question. On every UNIX/Linux box I have
ever used, the answer to that question is "Yes, UID=0
is the only privileged UID". However, I hear rumours
that Linux 2.6 will have a more flexible
"capability-based" approach...
Some UNIX boxes have a "wheel" group, and only members
of "wheel" can set their effective UID to root
("become root"), but you can't rely on that feature to
be present.
But I should probably also check the UID of the new
user to ensure that it is not zero.
Windows does seem to have a concept of an
Administrator Group, but that's why I wrapped the
geteuid() call inside the IsPrivilegedProcess()
function anyway.
Chris
________________________________________________________________________
Want to chat instantly with your online friends? Get the FREE Yahoo!
Messenger http://mail.messenger.yahoo.co.uk
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
