Subject: Re: mount_portal questions
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 07/27/1999 13:14:33
In article <19990727014200.A23023@marvin.ece.utexas.edu>,
Brian C. Grayson <firstname.lastname@example.org> wrote:
> Would it make sense to weaken the set*id() calls to the
> If uid (of the mount_portal child) == 0, lower our credentials
> (including setgroups()) to those of the calling process,
> i.e., use the code as it is.
> Else, if uid of the mount_portal child match uid of the calling
> process, and gid of the mount_portal child is contained in the
> calling process' pcr_groups, then simply continue (skip
> seteuid, setgroups, and setegid calls).
That looks right to me.