Re: policy changes toward Non-Interactive installation
On 16-Aug-00, 02:11 (CDT), Joey Hess <email@example.com> wrote:
> Belive it or not, I know how to safely manage temp files and protect
> sensitive information with unix permissions.
I know you do, Joey, but my concern is that since the permission
violation occurs in the backend, when the backend gets replaced by
something else that the security by be inadvertently dropped. Would it
make sense for the front-end(s) check the effective userid and refuse to
run if it's not 0?