[Swan-dev] [Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at nohats.ca
Sat Oct 17 13:18:27 UTC 2015
On Sat, 17 Oct 2015, D. Hugh Redelmeier wrote:
> New commits:
> commit 7157c4b1ebab0698a026e5d667ec443a12083436
> Author: D. Hugh Redelmeier <hugh at mimosa.com>
> Date: Sat Oct 17 01:12:31 2015 -0400
>
> whack: be more careful dropping privilege
> - spell better
> - detect and report error
>
> I'm not convinced that this is actually correct logic.
> There is no explanation of when it is needed.
> Is the whack executable file ever setgid or setuid?
Note that your commit talks about whackinit.c and not whack.c
The original goal of whackinit.c was to have a "limited whack"
command that was setuid/setgid that would allow a non-root
user a limited set of operations. For example to run whack --status
or whack --initiate but not whack --add.
We currently don't use or compile whackinit.c
Paul
More information about the Swan-dev
mailing list