SUID executable policy?
mattdm at mattdm.org
Tue Apr 10 15:28:06 UTC 2007
On Tue, Apr 10, 2007 at 05:11:36PM +0200, Hans de Goede wrote:
> And this is where I don't get the rant, afaik system-config-xxx aren't
> suid root, they call a (one would assume audited) helper program to become
> root, by use of the root password, so there is no chance for privelidge
> escalation here, because the user has the root password, the user cannot
> get any more privilidged then that AFAIK. So where is the problem?
Theoretically, one can configure these programs to allow authentication as a
user other than root, including sudo-like reauth-as-self operations. That
would be very useful functionality. In fact, it'd be reasonable to configure
many of them on desktop systems to be allow local use without any password
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the devel