[ale] GTK error
Brian Pitts
brian at polibyte.com
Thu Jan 27 20:53:05 EST 2011
On 01/27/2011 11:58 AM, Michael B. Trausch wrote:
> On Thu, 2011-01-27 at 11:37 -0500, Randy Ramsdell wrote:
>> I don't get it. From the link, "You should not make your GUI setuid at
>> all. Why run the risk of security bugs in code that does not need to
>> be running with elevated privileges?" but what states that the
>> setuid/setgid user is an elevated user?
>
> The only reason to write a program that is setuid or setgid is to confer
> some additional privilege that the user does not (or rather, may not be
> assumed to) have. Perhaps the most well-known example of this is the
> "passwd" program, which is setuid root so that it has the ability to
> modify the user's password in the shadow database.
>
> Honestly though, I have to disagree with the whole idea of having
> programs that are directly invoked by any user being setuid. I agree
> with the text on the GTK setuid page: setuid programs should be run as
> backends for non-setuid programs. At least for all situations that I am
> familiar with. Sadly, PAM does not agree with me, nor do many of the
> programs that I have seen that won't (or can't) operate without being
> setuid. It makes things pretty difficult to do in certain
> circumstances.

If you haven't seen it, you may be interested in "Ghosts of Unix past,
part 4: High-maintenance designs", which discusses setuid.
http://lwn.net/Articles/416494/
(please note that the derail in the comments is not typical of lwn)
--
All the best,
Brian Pitts