Re: dropping setuid/setgid privileges

[James Youngman]

On Fri, Jun 12, 2009 at 12:29 AM, Bruno Haible<address@hidden> wrote:

>> That is usually necessary but not always sufficient, for example see
>> http://blogs.sun.com/peteh/date/20050614
>
> What do you mean by "not always sufficient", other than kernel bugs and
> implementation limits? Assuming a small number of supplementary groups,
> all a process needs to have in order to access all files that a user has
> access to is that
>  - the process' uid = the user's uid,
>  - the process' gid and supplementary groups together contain all groups
>    to which the user belongs.
> No?

Precisely; the number of supplementary groups may not be small, yet
the 16-group limit for NFS is very common.   An implementation limit
which is almost universal is something for which one can't usefully
say "fix your implementation".   But we're wandering away from the
main point; a ~full explanation is given at the URL quoted earlier.

James.