setuid/setgid nobody

Discussion in 'all things UNIX' started by Gullible Jones, Nov 27, 2012.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Guest

    I have heard a lot about setuid/setgid being evil, bad, and dangerous to mess with. This seems obvious enough when one is talking about using them to elevate privileges.

    But what about for reducing privileges? I realize this is mostly academic, because GTK programs refuse to run when setuid/setgid... But wouldn't running an internet-facing program as setuid and setgid nobody (or better yet, setuid/setgid as its own unprivileged user) be an effective way of automatically sandboxing it? Especially on single-user systems?
     
    Gullible Jones, Nov 27, 2012
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...