Re: SUID executable policy?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2007-04-09 at 23:33 -0500, Michael E Brown wrote:
> My current problem is in the dellsysidplugin.py yum-plugin. It can only
> get the Dell system ID if yum is run by root. This means that some yum
> commands, such as 'yum list' will give different output when run as
> root/non-root.

A setuid executable is often frowned upon, but note that if written
properly it can be secure and even useful. E.g. if you have an
executable that _only_ retrieves your system id it should be fine to
make it setuid as long as the system id isn't a secret that only root /
console users should know. There's also consolehelper (for the time
being) if you want to restrict it to console users... perhaps the system
ID is something that only console users should know.

Btw, the rant of mine that Matthew pointed to was more concerned with
the sad fact that we run a bunch of X11 apps as root.. Just don't run
any X11 apps as root; it's a really really bad idea, thanks :-)

     David


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux