[Bug 238366] Review Request: autodownloader - GUI-tool to automate the download of certain files
bugzilla at redhat.com
bugzilla at redhat.com
Mon Apr 30 16:52:42 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: autodownloader - GUI-tool to automate the download of certain files
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238366
cweyl at alumni.drew.edu changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |cweyl at alumni.drew.edu
------- Additional Comments From cweyl at alumni.drew.edu 2007-04-30 12:52 EST -------
(In reply to comment #5)
> Interesting point, but autodownloader is not suid anything, and thus cannnot
> write to such a global log file. It was designed to run as a normal user and
> download files to dirs under the users $HOME. Yes this has a few downsides, but
> from a security POV, this really is the best solution IMHO.
>
> We might need to take another look at this (adding a suid helper written in C)
> which can install files under /usr if autodownloader becomes popular and is used
> to download big(ger) files.
Note that the "oddjob" package can help with this, without needing to set things
suid or some other mechanism... It provides a simple, modular dbus-enabled
mechanism for non-privlidged processes to invoke predefined privlidged
operations. I'd definitely take a look at this first.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the package-review
mailing list