> On Tue, Aug 30, 2005 at 05:32:52PM +0400, Michael Bushkov wrote: >> We can't ensure that, I guess. In the upcoming version (before the 1st of >> September), the cache would be per-user. This would solve all the security >> problems. In a little while, I'll implement the ability for cached to act >> as nscd. So you'll be able to choose the behaviour. > > What about setuid/setgid programs then? > > setuid root programs can use root's cache, perhaps a similar thing could > be done for other setuid programs, but what about setgid? > > perhaps don't cache at all for set*id programs (issetugid(2))? Per-user cache uses euid as the user identifier. So every setuid program will use the cache, which corresponds to its euid. But how can setgid affect the cache operations? Do you see some potential issue? With best regards, Michael Bushkov Rostov State UniversityReceived on Wed Aug 31 2005 - 17:14:27 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:42 UTC