The issue is that it is entirely dependent on the security integrity of the application with the setuid bit set. If someone can insert code, or swap a dynamically linked library with their own alternative, it becomes possible to have your own code executed as root. The system is then completely compromised.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Woodruff, Robert J Sent: 26 May 2010 17:19 To: Hal Rosenstock Cc: EWG Subject: Re: [ewg] Allowing ib dignostics to be run without being logged in as root. Hal wrote, >sudo can be configured for specific commands to be allowed to specific users. Then perhaps that is a safer way to do it, but it would put more work on the system admin to set it up for people, but if setting the permissions of the commands to setuid root opens up a security hole, we would not want that. Does anyone know if setting the permissions to setuid root does actually open up a security hole ? woody _______________________________________________ ewg mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg _______________________________________________ ewg mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
