Transcript for #bitcoin-dev 2018/04/05

06:04 dongcarl Hi all, let's say I have bitcoind with setuid to user `foo', would user `bar' be able to turn on additional RPC calls by supplying bitcoind with a bitcoin.conf that `bar' wrote him/herself but keeping the same datadir?
07:10 wumpus please, don't setuid bitcoind
07:11 wumpus you can run it as a different user, sure, for example, but definitely don't use the setuid bit. setuid programs are a hazard (see the recent "beep" vulnerability), even if small and easy to review, and bitcoind has never been reviewed for that
07:33 jaromil lol. never too late for a goodmorning advice.
07:46 dongcarl wumpus: Right. That's what I thought. Should bitcoind warn users about that? Or just assume that people who do this are out of scope?
07:51 wumpus don't think it's necessary. It's general advice to not setuid things, that's not bitcoind specific. It might not even work because it doesn't setegid/seteuid