[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FHS compliance and UNIX sockets

Ethan Benson <erbenson@alaska.net> wrote:

> sorry but this is nuts, ssh-agent is not written to be a set[ug]id
> program, making it setuid would be dangerous.  it probably would not
> even function correctly. =20

So what? You can write in such a way that the first thing it does is to
create that directory and then immediately drop the privilege.  If you're
worried about giving users write permission under /var/run, just make the
socket there and forget about the directory.
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: