[ale] GTK error

Brian Pitts brian at polibyte.com
Thu Jan 27 20:53:05 EST 2011


On 01/27/2011 11:58 AM, Michael B. Trausch wrote:
> On Thu, 2011-01-27 at 11:37 -0500, Randy Ramsdell wrote:
>> I don't get it. From the link, "You should not make your GUI setuid at
>> all. Why run the risk of security bugs in code that does not need to
>> be running with elevated privileges?" but what states that the 
>> setuid/setgid user is an elevated user?
> 
> The only reason to write a program that is setuid or setgid is to confer
> some additional privilege that the user does not (or rather, may not be
> assumed to) have.  Perhaps the most well-known example of this is the
> "passwd" program, which is setuid root so that it has the ability to
> modify the user's password in the shadow database.
> 
> Honestly though, I have to disagree with the whole idea of having
> programs that are directly invoked by any user being setuid.  I agree
> with the text on the GTK setuid page: setuid programs should be run as
> backends for non-setuid programs.  At least for all situations that I am
> familiar with.  Sadly, PAM does not agree with me, nor do many of the
> programs that I have seen that won't (or can't) operate without being
> setuid.  It makes things pretty difficult to do in certain
> circumstances.

If you haven't seen it, you may be interested in "Ghosts of Unix past,
part 4: High-maintenance designs", which discusses setuid.

http://lwn.net/Articles/416494/

(please note that the derail in the comments is not typical of lwn)

-- 
All the best,
Brian Pitts

