[Haskell-cafe] GHC 7.0.1 developer challenges
Riad S. Wahby
rsw at jfet.org
Sat Dec 4 20:35:36 CET 2010
"Edward Z. Yang" <ezyang at MIT.EDU> wrote:
> There are many setuid binaries to non-root users, so getuid() != geteuid()
> would probably make more sense, though I'm not 100% it has all the correct
> security properties.
Might as well throw in getegid() != getgid() for good measure.
Another issue with this: in the next couple years it looks like Fedora
and Ubuntu will both be going towards filesystem capabilities instead of
suid. If access to +RTS is restricted for suid binaries, it should
probably also be restricted for binaries with elevated capabilities.
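
The check discussed in this thread, as an added example (not part of the original message and not GHC's RTS code): the process counts as elevated when real and effective UIDs or GIDs differ, or when the Linux kernel sets AT_SECURE, which also covers binaries with file capabilities, and `+RTS ... -RTS` groups are then dropped from argv. The function names and the simplified `+RTS`/`-RTS`/`--RTS` handling are assumptions.

```c
/* Added example: hypothetical helpers, not GHC RTS code. Linux/glibc only. */
#include <string.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure decision, so it can be tested: elevated if real and effective IDs
 * differ, or if the kernel flagged the exec as secure (AT_SECURE is set
 * for setuid, setgid and file-capability binaries). */
int ids_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                 unsigned long at_secure)
{
    return ruid != euid || rgid != egid || at_secure != 0;
}

/* Same decision for the running process. */
int process_is_elevated(void)
{
    return ids_elevated(getuid(), geteuid(), getgid(), getegid(),
                        getauxval(AT_SECURE));
}

/* When elevated, drop every "+RTS ... -RTS" group from argv in place.
 * "--RTS" is kept together with everything after it, so that a later
 * "+RTS" stays an ordinary program argument. Returns the new argc. */
int filter_rts_args(int argc, char **argv, int elevated)
{
    int in_rts = 0, out = 1;
    if (!elevated)
        return argc;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--RTS") == 0) {
            while (i < argc)
                argv[out++] = argv[i++];
            break;
        }
        if (strcmp(argv[i], "+RTS") == 0) { in_rts = 1; continue; }
        if (in_rts && strcmp(argv[i], "-RTS") == 0) { in_rts = 0; continue; }
        if (!in_rts)
            argv[out++] = argv[i];
    }
    argv[out] = NULL;
    return out;
}
```

A caller would run `argc = filter_rts_args(argc, argv, process_is_elevated());` before any runtime option parsing.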