SUID executable policy?

Michael E Brown Michael_E_Brown at dell.com
Tue Apr 10 15:18:02 UTC 2007


On Tue, Apr 10, 2007 at 10:49:41AM -0400, Adam Jackson wrote:
> On Mon, 2007-04-09 at 23:33 -0500, Michael E Brown wrote:
> > What is the policy/guidelines around having Set UID executables in
> > Fedora?
> > 
> > I maintain libsmbios. Libsmbios has to read the system DMI/SMBIOS table
> > to do its job, and this table can currently only be obtained by
> > mmap()-ing /dev/mem.  I also need to read certain areas of RAM to get
> > teh Dell system id, which is not in the DMI tables. I would like to make
> > some of this available to non-root users, but the only way I can think
> > of do do this involves SUID executables.
> > 
> > Can anybody suggest a better way?
> 
> Exposing the SMBIOS table as a device would be a start.  There's
> precedent for drivers that do little else besides map a specific region
> of memory, since /dev/mem is just way too coarse-grained.

I had an actual kernel patch in one linus -rc kernel to export smbios
table as a sysfs entry. The backlash generated prompted me to withdraw
the patch.

AFAICT, userspace should be able to do this itself. SUID is one way. I'm
currently looking at docs for HAL and DBUS as another. I'm leaning
towards HAL/DBUS, but they are semi complex and I'll need some help
making sure I get it right.
--
Michael




More information about the fedora-devel-list mailing list