SUID executable policy?

Hans de Goede j.w.r.degoede at hhs.nl
Tue Apr 10 15:11:36 UTC 2007


Matthew Miller wrote:
> On Tue, Apr 10, 2007 at 03:34:23AM -0400, David Zeuthen wrote:
>> Btw, the rant of mine that Matthew pointed to was more concerned with
>> the sad fact that we run a bunch of X11 apps as root.. Just don't run
>> any X11 apps as root; it's a really really bad idea, thanks :-)
> 
> Yeah but it's such a good rant. :)
> 
> And seriously, although X is the most obviously scary, the same thing
> applies to any setuid code beyond the incredibly trivial.
> 

And this is where I don't get the rant, afaik system-config-xxx aren't suid 
root, they call a (one would assume audited) helper program to become root, by 
use of the root password, so there is no chance for privilege escalation here, 
because the user has the root password, the user cannot get any more 
privileged than that AFAIK. So where is the problem?

Regards,

Hans




More information about the fedora-devel-list mailing list