[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypto consolidation in debian ?

* Roger Leigh (rleigh@codelibre.net) [110501 15:08]:
> Even if the NSS situation changes, surely it's immediately obvious
> that a random library function should not tamper with the uid of a
> process as a side-effect?  Unless the caller explicitly requested
> dropping of root privs, no library has *any* business in changing it.

I miss (not only here) the principle:
                 First, do no harm.

Which are totally failed by a library changing uids on it's own.


Reply to: