cemkayali%eticaret.com.tr@localhost said:
It is well possible that privoxy opens its config file
before changing its privileges.
If a program opens a file descriptor before changing its
uig/gid, the file descriptor remains valid. But a "ktrace"
did show that this is not the case here.
The reason for the unexpected behaviour is that privoxy
changes its group but does not give up the supplementary
group memberships. Since "root" is member of "wheel" and
provoxy is started by "root" it runs with "wheel" permissions.
This is certainly a misfeature of "privoxy", if not
a serious bug.
Can you try the appended patch?
best regards
Matthias
-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------