Re: What to do about nologin(8)?

From: Peter Jeremy <peterjeremy_at_optushome.com.au>
Date: Tue, 24 Feb 2004 20:35:20 +1100

On Mon, Feb 23, 2004 at 05:45:07PM +0000, Colin Percival wrote:
>  I can see a number of possible options; I'd like to hear
>opinions on which would be the best.
...
8) Make nologin setgid to a suitably unprivileged group
   and rely on rtld(1) to ignore LD_LIBRARY_PATH & friends.
   (setgid is less unsafe than setuid)
   Pro: nologin remains dynamically linked in /sbin (avoiding
        POLA breakage)
   Con: Introduces an "unnecessary" setgid program

Peter
Received on Tue Feb 24 2004 - 00:35:29 UTC
