[ale] GTK error

Michael Potter michael at potter.name
Thu Jan 27 22:49:02 EST 2011


On Thu, Jan 27, 2011 at 8:53 PM, Brian Pitts <brian at polibyte.com> wrote:
> On 01/27/2011 11:58 AM, Michael B. Trausch wrote:
>> On Thu, 2011-01-27 at 11:37 -0500, Randy Ramsdell wrote:
>>> I don't get it. From the link, "You should not make your GUI setuid at
>>> all. Why run the risk of security bugs in code that does not need to
>>> be running with elevated privileges?" but what states that the
>>> setuid/setgid user is an elevated user?
>>
>> The only reason to write a program that is setuid or setgid is to confer
>> some additional privilege that the user does not (or rather, may not be
>> assumed to) have.  Perhaps the most well-known example of this is the
>> "passwd" program, which is setuid root so that it has the ability to
>> modify the user's password in the shadow database.
>>
>> Honestly though, I have to disagree with the whole idea of having
>> programs that are directly invoked by any user being setuid.  I agree
>> with the text on the GTK setuid page: setuid programs should be run as
>> backends for non-setuid programs.  At least for all situations that I am
>> familiar with.  Sadly, PAM does not agree with me, nor do many of the
>> programs that I have seen that won't (or can't) operate without being
>> setuid.  It makes things pretty difficult to do in certain
>> circumstances.
>
> If you haven't seen it, you may be interested in "Ghosts of Unix past,
> part 4: High-maintenance designs", which discusses setuid.
>
> http://lwn.net/Articles/416494/
>
> (please note that the derail in the comments is not typical of lwn)
>

There is some interesting information in that article, but it is a tedious read.

-- 
Michael Potter
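
The thread above recommends keeping setuid code in a small backend rather than in the program the user invokes directly. The C program below is an added example, not code from the thread, GTK or PAM: it shows such a backend detecting that it was started setuid/setgid and then giving the privilege up permanently, verifying that it cannot be regained. The function names `running_setid` and `drop_privileges_permanently` are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* declares setreuid()/setregid() */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Nonzero when the process was started via a setuid or setgid bit:
   its effective ids differ from the invoking user's real ids. */
int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Give up setuid/setgid privilege for good. Returns 0 on success, -1 if
   the drop failed or the old effective ids can still be restored. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid drop we may lack permission to do it.
       setre*id(r, r) also resets the saved id, so nothing is left to
       switch back to. */
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;

    /* Verify instead of trusting return codes: regaining must fail. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    if (running_setid())
        fprintf(stderr, "started setuid/setgid: doing the privileged step\n");
    /* ... the one operation that needs the extra privilege goes here ... */
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

A plain `setuid(getuid())` only resets the saved id when the effective uid is root, which is why the example uses `setreuid`/`setregid` and then tests that the old ids are really gone.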


