The safe_setuid_drop and safe_setuid_grab functions have a ridiculous number of ifdefs.
I suggests that at least SAFE_SETUID and SAFE_SETUID_POSIX is turned on permanently. For the first one, I see no reason to turn it off and for the second one, we assume in all other places that all Unix systems are Posix compatible by now.
Finally there is setegid vs setgid. Reading the manpages I can't figure out the difference. Anyone got a clue?
I suggests that at least SAFE_SETUID and SAFE_SETUID_POSIX is turned on permanently. For the first one, I see no reason to turn it off and for the second one, we assume in all other places that all Unix systems are Posix compatible by now.
Finally there is setegid vs setgid. Reading the manpages I can't figure out the difference. Anyone got a clue?
Comment