1 2018-04-05 06:04:00 <dongcarl> Hi all, let's say I have bitcoind with setuid to user `foo', would user `bar' be able to turn on additional RPC calls by supplying bitcoind with a bitcoin.conf that `bar' wrote him/herself but keeping the same datadir?
2 2018-04-05 07:10:01 <wumpus> please, don't setuid bitcoind
3 2018-04-05 07:11:48 <wumpus> you can run it as a different user, sure, for example, but definitely don't use the setuid bit. setuid programs are a hazard (see the recent "beep" vulnerability), even if small and easy to review, and bitcoind has never been reviewed for that
4 2018-04-05 07:33:26 <jaromil> lol. never too late for a goodmorning advice.
5 2018-04-05 07:46:15 <dongcarl> wumpus: Right. That's what I thought. Should bitcoind warn users about that? Or just assume that people who do this are out of scope?
6 2018-04-05 07:51:50 <wumpus> don't think it's necessary. It's general advice to not setuid things, that's not bitcoind specific. It might not even work because it doesn't setegid/seteuid