SUID executable policy?
David Zeuthen
david at fubar.dk
Tue Apr 10 07:34:23 UTC 2007
On Mon, 2007-04-09 at 23:33 -0500, Michael E Brown wrote:
> My current problem is in the dellsysidplugin.py yum-plugin. It can only
> get the Dell system ID if yum is run by root. This means that some yum
> commands, such as 'yum list' will give different output when run as
> root/non-root.
A setuid executable is often frowned upon, but note that if written
properly it can be secure and even useful. E.g. if you have an
executable that _only_ retrieves your system id it should be fine to
make it setuid as long as the system id isn't a secret that only root /
console users should know. There's also consolehelper (for the time
being) if you want to restrict it to console users... perhaps the system
ID is something that only console users should know.
Btw, the rant of mine that Matthew pointed to was more concerned with
the sad fact that we run a bunch of X11 apps as root.. Just don't run
any X11 apps as root; it's a really really bad idea, thanks :-)
David
More information about the fedora-devel-list
mailing list