dma user config

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Sun Feb 3 13:47:22 PST 2008


Matthew Dillon wrote:
    It is far less safe if you allow the user to exec a suid program.  I
    really hate SUID binaries and would recommend against them.  A mail
    front-end, for example, should connect to a service already running
    as root and NOT itself be a SUID binary.
    If I were to give advise here, it would be 'don't worry about the
    peformance cost of doing a fork()'.
Oh, sure.  I just also wanted to avoid having to have a process running 
all the time.  Right now every dma instance cares about itself and does 
all queueing, etc.  Once it has done its job, it quits.

Running a setuid root binary or having root starting a setuid process 
doesn't make much of a difference, no?

cheers
  simon
--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \





More information about the Kernel mailing list