Date: Tue, 13 Oct 2020 09:52:54 +0000 From: "Laurent Bercot" <ska-dietlibc@...rnet.org> To: musl@...ts.openwall.com Subject: Re: Calling setxid() in a vfork()-child >If dropping privileges is all you want, then posix_spawn() has a flag >for that. But it does not. All POSIX_SPAWN_RESETIDS does is make sure that a s-bit program does not spawn a child with the same effective uid as its caller; there is nothing in posix_spawn() about dropping root privileges. This is one of process state change operations that are lacking in posix_spawn(), along with being able to spawn the child as a session leader (despite being able to spawn it as a process group leader). That's what makes exhaustive attribute listing a bad function design: there is always an attribute that designers forget. I understand how useful posix_spawn() is for portable correctness, I use it over fork() whenever I can, but it is definitely not complete without helper programs and it's an ugly wart that nobody benefits from ignoring. -- Laurent
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.