Re: suid binaries should not be writable by owner
> s> A better design would have been having the file to have a
> s> second UID/GID.
>
> s> So, a file could be owned by root, but setuid man.
>
> ACLs and capabilities are probably two very different solutions to
> this problem.
>
> (...depends on how they are implemented).
It's tricky... capabilities don't fix this.
And I know nothing about ACLs on UNIX systems. It must be something like
"these users/groups may write, and these may read", but I don't know if they
have something for the setuid/setgid thing...