> * Bruno Haible <[EMAIL PROTECTED]> [2008-11-11 02:24:10 +0100]:
>
> Sam Steingold wrote:
>> Suppose one has an application which is installed setuid root.
>> Suppose also the application has a feature (e.g., spawn an
>> interactive user shell) which should NOT be run as root - but as an
>> unprivileged user instead. I suppose this is a fairly common
>> operation ...
>
> The general opinion, among security aware developers, already for 10
> years, is that the amount of code which is executed with setuid root
> permissions should be minimal.

this is all nice, but this does not answer my question.
I agree that it is not a good idea to run a large application
setuid root, but this is NOT for me to decide.
Please see the discussion here:
https://sourceforge.net/forum/message.php?msg_id=5611456
All I can do is to revert setuid for a dangerous operation.
advice?

--
Sam Steingold (http://sds.podval.org/) on Ubuntu 8.04 (hardy)
http://memri.org http://mideasttruth.com http://ffii.org
http://palestinefacts.org http://iris.org.il http://honestreporting.com
will write code that writes code that writes code for food
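One way to revert setuid for a single dangerous operation, as an added example that is not code from this thread or from the application under discussion: fork, drop root permanently in the child, confirm it cannot be regained, and only then exec the shell, so the parent keeps its privileges. The names `drop_privileges` and `spawn_user_shell` and the choice of `/bin/sh` are assumptions, and the code targets Linux/glibc.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1           /* exposes setgroups() in <grp.h> */
#endif
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Irreversibly become (uid, gid); 0 on success, -1 on failure.
 * Groups and gid go first: once the uid is no longer 0 the process
 * has lost the right to change them. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                  /* "dropping" to root is a bug */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                  /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify every id changed and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical dangerous operation: an interactive shell for the
 * invoking (real) user, run in a child so the parent stays privileged. */
int spawn_user_shell(void)
{
    pid_t pid = fork();
    int status;
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(getuid(), getgid()) != 0)
            _exit(126);             /* fail closed: never exec as root */
        execl("/bin/sh", "sh", (char *)NULL);
        _exit(127);                 /* exec itself failed */
    }
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}

int main(void)
{
    return spawn_user_shell() == 0 ? 0 : 1;
}
```

`setgroups(1, &gid)` leaves the child with only the primary group; a program that needs the user's full supplementary group list would call `initgroups()` before `setgid()` instead.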
