Subject: Re: mount_portal questions
To: None <>
From: Christos Zoulas <>
List: tech-userlevel
Date: 07/27/1999 13:14:33
In article <>,
Brian C. Grayson <> wrote:
>  Would it make sense to weaken the set*id() calls to the
>  If uid (of the mount_portal child) == 0, lower our credentials
>    (including setgroups()) to those of the calling process,
>    i.e., use the code as it is.
>  Else, if uid of the mount_portal child match uid of the calling
>    process, and gid of the mount_portal child is contained in the
>    calling process' pcr_groups, then simply continue (skip
>    seteuid, setgroups, and setegid calls).

That looks right to me.