On Mon, 2004-08-16 at 14:33, Bill McCarty wrote:
It does seem reasonable to avoid domain transitions whereby someone could gain permissions. But, Cron isn't all powerful and so I must allow one or more domain transitions that selectively add permissions. Otherwise, I'd have to extend Cron itself an unacceptably extensive range of permissions.
True. A better statement would be "domain transitions on scripts should only be done when the caller is trusted not to abuse them."