SUID executable policy?
Matthew Miller
mattdm at mattdm.org
Tue Apr 10 15:28:06 UTC 2007
On Tue, Apr 10, 2007 at 05:11:36PM +0200, Hans de Goede wrote:
> And this is where I don't get the rant, afaik system-config-xxx aren't
> suid root, they call a (one would assume audited) helper program to become
> root, by use of the root password, so there is no chance for privilege
> escalation here, because the user has the root password, the user cannot
> get any more privileged than that AFAIK. So where is the problem?
Theoretically, one can configure these programs to allow authentication as a
user other than root, including sudo-like reauth-as-self operations. That
would be very useful functionality. In fact, it'd be reasonable to configure
many of them on desktop systems to allow local use without any password
prompt.
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>