Previously Kalle Olavi Niemitalo wrote: > This solution isn't very good either, since the user can create a > setgid program when she's at the console and run it later. Or she can > leave a shell running in screen(1). Or just leave a process holding > the device open. The obvious solution to that is the revoke() system call, which should be used by anything that does things like spawning a login-shell and giving away groups. It should be in the 2.1 kernels. Wichert. -- ============================================================================== This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: wakkerma@cs.leidenuniv.nl WWW: http://www.wi.leidenuniv.nl/~wichert/
Attachment:
pgp6a2Y2MOQnh.pgp
Description: PGP signature