On Tue, May 25, 2010 at 7:21 PM, Woodruff, Robert J <[email protected]> wrote: > Hal wrote, > >>If you really want any user to do this, is changing umad permissions >>sufficient ? This is less of a security hole than setuid but does open >>things up for malicious users. > >>-- Hal > > I wanted to avoid doing this as it would allow some malicious user to > just open /dev/umad and send random mads and cause big problems with the > fabric. > > I was thinking that if the applications like perfquery are "trusted" > to not allow someone to do anything malicious, then having them > run as setuid root would not open a security hole ?
I don't know exactly how setuid programs are exploited to obtain general root access but I've heard this. > sudo sounds like if would allow them to run any command as root ID, > which I think is a larger security hole than just setting the one > or few trusted applications to setuid root. But then, I am not a > security expert so I may not know all of the possible issues with > setting a command to setuid root. sudo can be configured for specific commands to be allowed to specific users. -- Hal > > woody > > > _______________________________________________ > ewg mailing list > [email protected] > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg > _______________________________________________ ewg mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
