On Wed, May 26, 2010 at 12:29 PM, Informatix solutions <[email protected]> wrote:
> The issue is that it is entirely dependent on the security integrity of the
> application with the setuid bit set.
> If someone can insert code, or swap a dynamically linked library with their
> own alternative, it becomes possible to have your own code executed as root.
> The system is then completely compromised.
The IB diags do use dynamically linked libs (libibmad and libibumad).

-- Hal

>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Woodruff, Robert J
> Sent: 26 May 2010 17:19
> To: Hal Rosenstock
> Cc: EWG
> Subject: Re: [ewg] Allowing ib dignostics to be run without being logged in as root.
>
> Hal wrote,
>
>>sudo can be configured for specific commands to be allowed to specific users.
>
> Then perhaps that is a safer way to do it, but it would put more work
> on the system admin to set it up for people, but if setting the permissions
> of the commands to setuid root opens up a security hole, we would not want
> that.
>
> Does anyone know if setting the permissions to setuid root does actually
> open up a security hole?
>
> woody
>
> _______________________________________________
> ewg mailing list
> [email protected]
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
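Added example, not part of the original thread and not OpenFabrics code: one way an administrator could check the library-swap concern raised above, by listing a binary's shared libraries and flagging any file or parent directory that a non-root user could modify. The function names, the sample `ldd` output and its paths are assumptions made for illustration.

```python
import os
import stat
import subprocess

# Constructed sample of `ldd` output; the library names are the two from the
# thread, the paths and addresses are made up for illustration.
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd0a1f0000)
\tlibibmad.so.1 => /usr/lib64/libibmad.so.1 (0x00007f1c2a400000)
\tlibibumad.so.1 => /usr/lib64/libibumad.so.1 (0x00007f1c2a200000)
\tlibmissing.so => not found
\t/lib64/ld-linux-x86-64.so.2 (0x00007f1c2a800000)
"""

def parse_ldd(output):
    """Return the absolute library paths named in `ldd` output."""
    libs = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "=>" and fields[2].startswith("/"):
            libs.append(fields[2])
        elif fields and fields[0].startswith("/"):
            libs.append(fields[0])
    return libs

def path_findings(path):
    """List (path, reason) for the file and every parent directory that a
    non-root user could modify, which would let them swap the file."""
    findings, seen = [], set()
    # Walk both the path as given and its symlink-resolved form.
    for current in (os.path.abspath(path), os.path.realpath(path)):
        while current not in seen:
            seen.add(current)
            st = os.stat(current)
            if st.st_uid != 0:
                findings.append((current, "not owned by root"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((current, "group- or world-writable"))
            current = os.path.dirname(current)
    return findings

def audit_binary(binary):
    """Check a binary and its shared libraries. Run only on installed,
    trusted binaries: ldd may execute code from the file it inspects."""
    out = subprocess.run(["ldd", binary], capture_output=True,
                         text=True, check=True).stdout
    report = {p: path_findings(p) for p in [binary] + parse_ldd(out)}
    return {p: f for p, f in report.items() if f}
```

An empty result from `audit_binary` means only that the on-disk files and directories are root-controlled; it says nothing about flaws in the program's own code.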
