bug-gnulib

Re: code/module request: undo setuid


From: Sam Steingold
Subject: Re: code/module request: undo setuid
Date: Mon, 10 Nov 2008 21:52:25 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)

> * Bruno Haible <address@hidden> [2008-11-11 02:24:10 +0100]:
>
> Sam Steingold wrote:
>> Suppose one has an application which is installed setuid root.
>> Suppose also the application has a feature (e.g., spawn an
>> interactive user shell) which should NOT be run as root - but as an
>> unprivileged user instead.  I suppose this is a fairly common
>> operation ...
>
> The general opinion, among security aware developers, already for 10
> years, is that the amount of code which is executed with setuid root
> permissions should be minimal.

This is all nice, but this does not answer my question.
I agree that it is not a good idea to run a large application
setuid root, but this is NOT for me to decide.
Please see the discussion here:
https://sourceforge.net/forum/message.php?msg_id=5611456

All I can do is to revert setuid for a dangerous operation.
Advice?

-- 
Sam Steingold (http://sds.podval.org/) on Ubuntu 8.04 (hardy)
http://memri.org http://mideasttruth.com http://ffii.org
http://palestinefacts.org http://iris.org.il http://honestreporting.com
will write code that writes code that writes code for food
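
An added example, not part of the original message or of gnulib: one way in C to undo setuid for a single operation, by forking and permanently reverting the child to the invoking user's real uid/gid before exec. The function names and the `/bin/sh` path are assumptions made for the illustration.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently revert to the invoking user's real uid/gid.
 * Returns 0 on success, -1 on failure (caller must not continue). */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after the uid is dropped the process may no longer
     * change its gid. With effective uid 0, setgid/setuid set the real,
     * effective and saved IDs together. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;
    /* For a non-root caller, regaining root must now be impossible. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

/* Run argv[0] in a child that has dropped privileges; the parent keeps
 * its IDs. Returns the child's exit status, or -1 on error. */
int run_unprivileged(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges_permanently() != 0)
            _exit(126);           /* never exec with privileges intact */
        execv(argv[0], argv);
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const shell[] = { "/bin/sh", NULL };   /* assumed shell path */
    return run_unprivileged(shell) < 0 ? 1 : 0;
}
```

Supplementary groups are left alone because executing a setuid binary does not change them, so they are already the invoking user's. File descriptors the privileged parent opened stay open across `execv` unless they are marked close-on-exec.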



