Date: Sat, 2 Sep 1995 22:02:53 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: durham@w2xo.pgh.pa.us (Jim Durham)
Cc: terry@lambert.org, hackers@FreeBSD.ORG
Subject: Re: A little strangness with 2.0.5
Message-ID: <199509030502.WAA10537@phaeton.artisoft.com>
In-Reply-To: <Pine.BSF.3.91.950902233257.589A-100000@w2xo.pgh.pa.us> from "Jim Durham" at Sep 2, 95 11:40:31 pm

> > A kill signal can be delivered to a process owned by your UID or a
> > process owned by your GID. You seem to not be a member of the group
> > you SGID'ed to, so exclusion groups apply.
>
> I should perhaps have phrased it better. I should have said..."seeing as
> both the parent and child were SUID 'net' , why would changing the
> GID matter?
>
> I have to admit I don't know about exclusion groups. I'll have to do a little
> reading on that.

If you are the owner and world and group permissions are granted, but
owner permission is not, then you are prevented access.

If you aren't the owner, but are a member of the group, and the group
is prevented access, even if access is permitted to the world, you are
prevented access.

If you aren't the owner or a member of the group, then if world access
is not allowed, then access is prevented.

You can put users in a group "nogames", set the permissions on the
games dir such that there is owner and world access but not group
access, and set the group ownership to "nogames" and members of the
group will be prevented access.

Perhaps the credentials for the kill are being applied vs. the process
credentials of the process as if it were a file access. I'd have to
spend a bit of time looking (or you would 8-)).

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
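
The three access rules and the "nogames" exclusion group described in the message above, modelled in C as an added example that is not part of the original e-mail and not FreeBSD's own code. The struct, function names, uids and gid 900 for "nogames" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Caller identity: uid plus group list (hypothetical struct for this model). */
struct cred { uid_t uid; const gid_t *groups; size_t ngroups; };

static int in_group(const struct cred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Classic UNIX mode check: exactly one class is consulted (owner, else
 * group, else other) and a denial there is final; no fall-through.
 * want is a mask of 4 (read), 2 (write), 1 (execute/search).
 * Superuser override is not modelled. Returns 1 = granted, 0 = denied. */
int classic_access(mode_t mode, uid_t owner, gid_t group,
                   const struct cred *c, unsigned want)
{
    unsigned bits;

    if (c->uid == owner)
        bits = (mode >> 6) & 7;
    else if (in_group(c, group))
        bits = (mode >> 3) & 7;
    else
        bits = mode & 7;
    return (bits & want) == want;
}

/* Constructed sample data: gid 900 stands in for "nogames". */
enum { ROOT = 0, USERS = 100, NOGAMES = 900 };
static const gid_t banned_groups[] = { USERS, NOGAMES };
static const gid_t plain_groups[] = { USERS };
const struct cred banned = { 1001, banned_groups, 2 };
const struct cred plain = { 1002, plain_groups, 1 };

int main(void)
{
    /* Games dir: owner root, group nogames, mode 0705 (rwx---r-x). */
    printf("nogames member: %d\n", classic_access(0705, ROOT, NOGAMES, &banned, 5));
    printf("other user:     %d\n", classic_access(0705, ROOT, NOGAMES, &plain, 5));
    /* Owner denied although group and world are granted (mode 0077). */
    printf("owner, 0077:    %d\n", classic_access(0077, 1002, USERS, &plain, 4));
    /* Neither owner nor group member, world bits clear (mode 0770). */
    printf("other, 0770:    %d\n", classic_access(0770, ROOT, NOGAMES, &plain, 4));
    return 0;
}
```

When auditing a tree that relies on such a group, look for modes whose group bits are narrower than the world bits; those are the entries where group membership removes access rather than granting it.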