[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: suid binaries should not be writable by owner

>     s>  A better design would have been having the file to have a
>     s> second UID/GID.
> 
>     s>  So, a file could be owned by root, but setuid man.
> 
> ACLs and capabilities are probably two very different solutions to
> this problem. 
> 
> (...depends on how they are implemented).

 It's tricky... capabilities don't fix this.

 And I know nothing about ACL's on UNIX systems. It must be something like
"these users/groups may write, and these may read", but I don't know if they
have something for the setuid/segid thing...
Reply to: