On 4/28/25 5:53 PM, Peter Den Hartog wrote: [snip]
If the consensus is that simplification is better, I would be happy to submit some incremental patches to have things use the PATH directly instead of hard coding executable locations at compile time. This would be a good time to take a look through the code that does use setuid and make sure it's not using PATH, as a bonus.
Simplification is usually better. Hardcoded paths for sensitive executables may be preferable. The rest should be stripped. However, it only gives some solace and no guarantees.
(there is also use of iptables in the hostmot2 hm2_eth driver and rmmod/insmod in at least the RPi drivers)
Getting rid of setuid is even better. There was a start to this in draft PR #918, but it stalled.
From a security standpoint,... running a CNC machine with free network access is already bending the rules. A running LCNC installation should have a read-only filesystem for any code and fixed data. Only a few places in the filesystem need to be mounted read/write on (production) machines and should also be mounted "noexec".
--
Greetings Bertho
(disclaimers are disclaimed)

_______________________________________________
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers
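An added example, not part of the message above and not LinuxCNC code: one way privileged code can start a helper such as iptables or insmod without a PATH lookup, by requiring an absolute path and passing a fixed environment. The function name `run_trusted_tool`, the environment values and the use of `/bin/sh` as a stand-in helper are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the child (assumed values); nothing is
 * inherited from the caller, so a hostile PATH never reaches the helper. */
static char *const clean_env[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    "LC_ALL=C",
    NULL
};

/*
 * Run a helper by absolute path only (hypothetical helper name).
 * Returns the child's exit status (0-255; 127 means execve failed),
 * or -1 if the path is not absolute, fork/waitpid fails, or the
 * child was killed by a signal.
 */
int run_trusted_tool(const char *abs_path, char *const argv[])
{
    if (abs_path == NULL || abs_path[0] != '/') {
        errno = EINVAL;          /* refuse anything that needs a PATH search */
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* execve, not execvp/system: no PATH search, no shell parsing */
        execve(abs_path, argv, clean_env);
        _exit(127);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* /bin/sh stands in for the real helper so the demo runs unprivileged */
    char *const show[] = { "sh", "-c", "echo child PATH: $PATH", NULL };
    printf("absolute path -> %d\n", run_trusted_tool("/bin/sh", show));
    printf("bare name     -> %d\n", run_trusted_tool("iptables", show));
    return 0;
}
```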