
4 Dec 2010, 2:35 p.m.
"Edward Z. Yang"
There are many setuid binaries to non-root users, so getuid() != geteuid() would probably make more sense, though I'm not 100% sure it has all the correct security properties.
Might as well throw in getegid() != getgid() for good measure.

Another issue with this: in the next couple years it looks like Fedora and Ubuntu will both be going towards filesystem capabilities instead of suid. If access to +RTS is restricted for suid binaries, it should probably also be restricted for binaries with elevated capabilities.

-=rsw
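The checks discussed in this thread, as an added example that is not code from the thread or from GHC: it combines the uid and gid comparisons with the Linux `AT_SECURE` auxiliary-vector flag, which the kernel sets for setuid, setgid and file-capability executables alike. The names `proc_creds`, `read_creds`, `is_elevated` and `rts_flags_allowed` are hypothetical, and Linux with glibc 2.16 or later is assumed.

```c
#include <stdio.h>
#include <sys/auxv.h>    /* getauxval(), AT_SECURE (glibc >= 2.16) */
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical snapshot of the credentials that matter for the decision. */
struct proc_creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
    unsigned long at_secure;   /* AT_SECURE value placed in auxv at exec time */
};

/* Take the snapshot at startup, before the program changes its own ids:
   after a setuid() call the uid comparison no longer shows how it was started. */
static struct proc_creds read_creds(void)
{
    struct proc_creds c;
    c.ruid = getuid();
    c.euid = geteuid();
    c.rgid = getgid();
    c.egid = getegid();
    c.at_secure = getauxval(AT_SECURE);  /* 0 if unset or not present */
    return c;
}

/* 1 if the process runs with more privilege than the invoking user. */
static int is_elevated(const struct proc_creds *c)
{
    if (c->ruid != c->euid) return 1;   /* setuid, including setuid to non-root */
    if (c->rgid != c->egid) return 1;   /* setgid */
    if (c->at_secure != 0)  return 1;   /* also covers file capabilities */
    return 0;
}

/* Policy assumed here: honour +RTS options only when not elevated. */
static int rts_flags_allowed(const struct proc_creds *c)
{
    return !is_elevated(c);
}

int main(void)
{
    struct proc_creds c = read_creds();
    printf("elevated=%d rts_flags_allowed=%d\n",
           is_elevated(&c), rts_flags_allowed(&c));
    return 0;
}
```

A binary that gained privilege only through file capabilities has equal real and effective ids, so the `AT_SECURE` test is the one that catches it.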