Re: Open Xlock as root

On 6/12/99 vorlon@netexpress.net wrote:

Joining the discussion a little late here, but I think sgid shadow
binaries are only marginally better than suid root binaries.  Exploits are
constantly being found in all manner of X libraries, which means it's a
risk to run many X programs with special permissions; and anyone who can
exploit an suid root binary to gain illicit access could exploit an sgid
shadow binary almost as easily.

well yes that is true, but saying sgid shadow is as bad as suid root is a little harsh:

exploit sgid shadow program -> you get access to encrypted passwords woo hoo!
exploit suid root program -> who needs encrypted passwords? we already got root!

but yes I agree it would probably be more secure to use a pam helper binary rather than give the program itself direct access to the shadow files.
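
An audit sketch for the two cases compared above, added as an example and not part of the original post: it walks a directory tree and labels each binary by what a compromise of it would hand over, full root for suid root or read access to the password hashes for sgid shadow. The function names, the default directories and the assumption that the group is literally named "shadow" are choices made for this example.

```python
import grp
import os
import stat
import sys

def classify(mode, uid, gid, shadow_gid):
    """Name what an exploited binary hands over: 'suid-root', 'sgid-shadow' or None."""
    if not stat.S_ISREG(mode):
        return None
    # Setuid root: the process runs with euid 0, so a compromise is a root compromise.
    if mode & stat.S_ISUID and uid == 0 and mode & 0o111:
        return "suid-root"
    # Linux honours setgid on exec only when the group-execute bit is also set.
    if (mode & stat.S_ISGID and mode & stat.S_IXGRP
            and shadow_gid is not None and gid == shadow_gid):
        return "sgid-shadow"
    return None

def lookup_shadow_gid():
    """GID of the group named 'shadow' (assumed name), or None if it does not exist."""
    try:
        return grp.getgrnam("shadow").gr_gid
    except KeyError:
        return None

def scan(top, shadow_gid=None):
    """Walk `top` without following symlinks; return sorted (label, path) pairs."""
    found = []
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            label = classify(st.st_mode, st.st_uid, st.st_gid, shadow_gid)
            if label:
                found.append((label, path))
    return sorted(found)

if __name__ == "__main__":
    # Default directories are an assumption; pass others on the command line.
    for top in sys.argv[1:] or ["/usr/bin", "/usr/sbin", "/bin", "/sbin"]:
        for label, path in scan(top, lookup_shadow_gid()):
            print(f"{label:12} {path}")
```

Anything reported as suid-root that only needs to verify a password is a candidate for the helper-binary approach mentioned above.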


