On Thu, Oct 23, 2003 at 02:33:16PM -0700, Kees Cook wrote: > Well, I've read through the developer guide, and dug around in the > Makefile, etc. The one thing about the "imagemanip" tool is that it has a > setuid wrapper (so that non-root users can work on the images). Since > nothing is compiled right now in SystemImager, where would people > suggestion I put the wrapper source? I also figure that other people > should take a close look at the wrapper and perl code before it gets > included "by default" in the build/install process.
a setuid wrapper opens up all kinds of issues. A previous attempt at an
http interfaces was shot down for that reason. You don't want normal users
changing images, as it means that any normal user on that box can change the
root password that will end up on all the other boxes (scary by a lot).
I think a much better approach is to document how one might set up sudo to
allow for use of SystemImager and Imagemanip by a small set of priviledged
accounts on the machine.
-Sean
--
__________________________________________________________________
Sean Dague Mid-Hudson Valley
sean at dague dot net Linux Users Group
http://dague.net http://mhvlug.org
There is no silver bullet. Plus, werewolves make better neighbors
than zombies, and they tend to keep the vampire population down.
__________________________________________________________________
pgp00000.pgp
Description: PGP signature
