Date: Sat, 29 Jun 1996 21:36:30 +0200
From: Wolfram Schneider <wosch@softs11.ZIB-Berlin.DE>
To: Bruce Evans <bde@zeta.org.au>
Cc: ache@nagual.ru, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-gnu@freefall.freebsd.org
Subject: Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c
Message-ID: <199606291936.VAA01445@campa.panke.de>
In-Reply-To: <199606221919.FAA09478@godzilla.zeta.org.au>
References: <199606221919.FAA09478@godzilla.zeta.org.au>

Bruce Evans writes:
>>KOI8-R writes:
>>>> I thought the general consensus was a sgid man, not suid.
>>>I don't see how sgid man can be better than suid man now,
>>Security, security, security. Principle of least privilege.
>
>In that case, isn't suid man better? Group man would have to
>be able to access exactly the same things as user man does now,
>it's easier to make a mistake with a group by putting too many
>users in it.

We already have a group 'man'.

grep ^man: /etc/group
man:*:9:

This group is empty like it should be. No human users need
group man. A user can start its own processes; a group cannot.

$ printf ".PS\nsh X id X\n.PE\n" | pic
.lf 1 -
.lf 1
uid=14201(wosch) gid=14201(wosch) groups=14201(wosch), 0(wheel), 5(operator), 117(dialer)
.lf 4

Are you really sure that man(1) never starts shells with uid 'man'?

Wolfram
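
The pic input in the message above reaches a shell through pic's "sh X command X" statement. As an added example (not part of the original message or of the FreeBSD man sources), this Python check lists such statements in a manual page source before it is handed to a formatter that runs with extra privilege. The function name find_pic_sh and the sample page are constructed for illustration; the check works line by line and may over-report text inside quoted pic strings.

```python
import re

# A picture starts at ".PS [args]" and ends at ".PE" or ".PF".
PS_RE = re.compile(r"^[.']\s*PS\b")
PE_RE = re.compile(r"^[.']\s*P[EF]\b")
# pic statement "sh X command X": X is any delimiter character.
# Statements are separated by newlines or ';'. The command runs to the
# closing delimiter, or to end of line when the delimiter is missing.
SH_RE = re.compile(r"(?:^|;)\s*sh\s+(\S)(.*?)(?:\1|$)")


def find_pic_sh(source):
    """Return [(line_number, command)] for pic `sh` statements in roff source."""
    hits = []
    in_picture = False
    for lineno, line in enumerate(source.splitlines(), start=1):
        if PS_RE.match(line):
            in_picture = True
        elif PE_RE.match(line):
            in_picture = False
        elif in_picture:
            # Only text between .PS and .PE is interpreted by pic.
            for m in SH_RE.finditer(line):
                hits.append((lineno, m.group(2).strip()))
    return hits


# Constructed sample page; line 5 is the statement from the message above.
SAMPLE_PAGE = "\n".join([
    ".TH DEMO 1",
    ".SH NAME",
    "sh X ignored: outside a picture X",
    ".PS",
    "sh X id X",
    'box "a"; sh #uname -a#',
    ".PE",
])

if __name__ == "__main__":
    for lineno, cmd in find_pic_sh(SAMPLE_PAGE):
        print(f"line {lineno}: pic would run: {cmd}")
```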