A while ago we had a longer thread about suid and user id
0, e.g. in connection with setting up a listener on ports below 1024.
systrace has received some nice extensions,
....support for privilege elevation.
with privilege elevation no suid or sgid binaries are necessary any
longer. Applications can be executed completely
unprivileged. Systrace raises the privileges for a single system call
depending on the configured policy.
Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
from provos...
http://www.openbsd.org/cgi-bin/cvsweb/src/bin/systrace/Makefile
--
Christian E. Lysel,
http://www.spindelnet.dk/