[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#993488: maybe reason for wontfix?

On 2021-09-03 14:23, Tomas Pospisek wrote:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993488#16 contains a
"wontfix + close" but no rationale. Which leaves the original reporter
with a large "?" I guess.

I am guessing that the reason for the "wontfix" is "that's just how
Unix works unfortunately" aka "that's a Unix design bug"? Is my guess

One other question - any idea on a way forward here? I would guess
that behaviour (changing group membership won't change group
membership of running processes) is rooted somewhere quite low in the
stack, maybe in the kernel itself (or in posix :-#)? So if the
original reporter would want to go ahead and look to that problem
beeing fixed would he need to go talk to the kernel mailing list or do
you have idea where he could go to?

Processes in *nix inherit permissions. That's inherent to the design. If you want more guarantees, you need to move from discretionary access control (based on the identity at the time of process (tree) creation) to mandatory access control (e.g. SELinux).

Kind regards
Philipp Kern

Reply to: