Ales wrote:
And to add to my last setuid stuff.. I think that if we properly audit
the IDE code so that:

a) fpc is called in the uid of the original ide starter
b) the "console" is run in the uid of the original ide starter
c) compiler programs are called in the uid of the original IDE starter

I think it's ok to use setuid after these. Of course, depending on how
the IDE executes all the externals, it might be trouble. But if we do
some typical fork, it shouldn't be so difficult (I'm willing to do this
should we decide to go this route).

There is absolutely no clean way to use setuid in a program the size of the IDE. Trust me.

It is vaguely possible that a very small (think "less than 100 LOC") wrapper could be generated, which will simply set certain configuration parameters of the PTY that the IDE is attached to. I imagine that this would work.

This could be distributed, and called from the IDE after startup. The entire IDE would then be run completely as normal, by the user.

Even with such a small wrapper, one would have to put a big fat warning in the README file and similar places. In the Debian package, debconf should ask the user if s/he is ok with installing a suid program.

If this is not feasible, then the IDE will have to be redistributed with reduced functionality. You just cannot compromise when it comes to security matters. Ever.

--
Regards,
Christian Iversen
_______________________________________________
fpc-devel maillist  -  fpc-devel@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-devel
