[Haskell-cafe] GHC 7.0.1 developer challenges

Riad S. Wahby rsw at jfet.org
Sat Dec 4 20:35:36 CET 2010


"Edward Z. Yang" <ezyang at MIT.EDU> wrote:
> There are many setuid binaries to non-root users, so getuid() != geteuid()
> would probably make more sense, though I'm not 100% it has all the correct
> security properties.

Might as well throw in getegid() != getgid() for good measure.

Another issue with this: in the next couple years it looks like Fedora
and Ubuntu will both be going towards filesystem capabilities instead of
suid. If access to +RTS is restricted for suid binaries, it should
probably also be restricted for binaries with elevated capabilities.

-=rsw



More information about the Haskell-Cafe mailing list