SUID executable policy?
Michael E Brown
Michael_E_Brown at dell.com
Tue Apr 10 14:41:23 UTC 2007
On Tue, Apr 10, 2007 at 07:59:14AM -0400, Matthew Miller wrote:
> On Tue, Apr 10, 2007 at 03:34:23AM -0400, David Zeuthen wrote:
> > Btw, the rant of mine that Matthew pointed to was more concerned with
> > the sad fact that we run a bunch of X11 apps as root.. Just don't run
> > any X11 apps as root; it's a really really bad idea, thanks :-)
>
> Yeah but it's such a good rant. :)
>
> And seriously, although X is the most obviously scary, the same thing
> applies to any setuid code beyond the incredibly trivial.
Well... the getSystemId executable I want to run is _not_ a GUI app, and
the executable only takes two parameters that I can turn off if real uid
!= effective uid, effectively making it a program that outputs only with
no user input.
The information returned is not secret info. Basically just saying what
the Dell system ID is (not available in HAL currently), plus a couple
other things that can already be gotten through HAL.
I'll see what I can do, and if I end up doing SUID, I'll post it for
review before I stick it in my RPM.
I'm investigating HAL and DBUS now. It may prove to be an excellent
alternative if I can wrap my head around all of it.
--
Michael
More information about the fedora-devel-list
mailing list