[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [redhat-lspp] I am getting lots of push back on devallocator.
- From: Klaus Weidner <klaus atsec com>
- To: Daniel J Walsh <dwalsh redhat com>
- Cc: redhat-lspp <redhat-lspp redhat com>
- Subject: Re: [redhat-lspp] I am getting lots of push back on devallocator.
- Date: Fri, 14 Jul 2006 12:37:29 -0500
On Fri, Jul 14, 2006 at 01:17:28PM -0400, Daniel J Walsh wrote:
> Internal Red Hat people are interested if we can do this another way
> without introducing a new SUID application.
>
> Could someone spell out the exact requirements, that devallocator is
> trying to solve?
I'm a bit confused also. I thought it was intended to help administrators
define labels for printer devices, and tools run by administrators don't
need to be SUID.
I just looked at the code, and some of its features such as relabeling
floppy and CD-ROM devices should definitely *not* be accessible to
non-admin users via a SUID application, at least not in an evaluated
config. It also has many override capabilities in its policy, are those
all really necessary? I think it would be preferable to require that an
admin runs it who has the necessary privileges already, instead of having
the tool grant them.
-Klaus
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]