["John McDermott" <jjm@xxxxxxxxxx>]

Mighe we, as an interim effort, check to see if we are running setuid or  
setgid and if so, pop up a warning box before loading plugins from an  
"untrusted" location? The warning box could allow or disallow loading such  
plugiins. This is not a true solution, but might help until we decide what  
to do (or get the capture factored out).

--john

> A number of UN*Xes have an "issetugid()" call; if it's present, we could
> use that.
> If it's not present, if the OS has geteuid() and getegid(), we should
> call both of those before relinquishing set-UID and set-GID privileges
> (which we'd have to do anyway, in order to reclaim those privileges),
> and compare the results against the results of getuid() and getgid()
> and, if they don't match, set a global flag, and have "issetugid()"
> return the value of that flag.



--
John McDermott, CCP
Writer, Educator, Consultant
jjm@xxxxxxxxxx        www.jkintl.com
V: +1 505/377-6293  F: +1 505/377-6313