Thus spake Kees Cook ([EMAIL PROTECTED]): > On Thu, Oct 23, 2003 at 06:18:31PM -0400, Sean Dague wrote: > > a setuid wrapper opens up all kinds of issues. A previous attempt at an > > http interfaces was shot down for that reason. You don't want normal users > > changing images, as it means that any normal user on that box can change the > > root password that will end up on all the other boxes (scary by a lot). > > > > I think a much better approach is to document how one might set up sudo to > > allow for use of SystemImager and Imagemanip by a small set of priviledged > > accounts on the machine. > > Oh duh, yeah, that's a great idea. Please ignore my stupid request for a > setuid wrapper. :) > > As for "normal users" working on images, that's basically the design goal > of "imagemanip", which has another set of permissions for which users can > work on which images. > > It looks like I can use the SUDO_USER env variable to figure out who ran > it for the image perm checking. Okay. I've modified the code to work > with 'sudo' instead of my wrapper. > > Here's what I have to check in: > > ? etc/imagemanip.conf > ? etc/imagemanip.perm > ? sbin/imagemanip > M CHANGE.LOG > M CREDITS > M Makefile > M systemimager.spec > M doc/man/Makefile > > Shall I go ahead and commit?
Go for it, Kees! -Brian > > -- > Kees Cook > Open Source Development Lab > [EMAIL PROTECTED] > > > > ------------------------------------------------------- > This SF.net email is sponsored by: The SF.net Donation Program. > Do you like what SourceForge.net is doing for the Open > Source Community? Make a contribution, and help us add new > features and functionality. Click here: http://sourceforge.net/donate/ > _______________________________________________ > Sisuite-devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/sisuite-devel -- --------------------------------------------------------- Brian Elliott Finley Phone: 630.803.8183 GPG: 3FF8 D096 0E0C D3F3 29B7 6518 D20B 1931 10F8 EE52 --------------------------------------------------------- ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Sisuite-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/sisuite-devel
