[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rpmlib app security



On 26 Jun 2003, Star Morin wrote:

> howdy, rpmlist -
> 
> i've created an rpmlib-based application that utilizes setuid and suid
> (yess.. yes... here thar be dragons... :) and would be keen to get some
> feedback from you guys as to where my biggest worries should be on
> security.
> 
> i've google'd responses from the rpm-list in the past that basically
> just state that it has never been security audited, as it was designed
> to only be run by root. soOOoo, with that in mind, i'm mostly looking
> for any really big gotchas that could come from doing so anyway - any
> ideas?
>
What are you doing with librpm specifically, and why does it need to be
done setuid (i.e. what are you trying to allow someone other than root
to do?)?

Cheers...james 
> thanks!
> -star
> 




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []