Strawman yes, but if we setuid to userid right after setting the console stuff, there's nothing left to audit. We're not malicious software makers so there's no chance anything else could happen? Or am I missing something here?
eg: fp starts fp sets itself to uid 0 fp sets the required things as root fp sets itself to original userid fp finishes init I don't see a problem with that. It's not nice to have a suid binary requirement, but if there's no other way? Christian Iversen wrote / napísal(a): > Ales wrote: >> Why? You have your good ol' PING doing it. > > Unbelievable strawman argument there. > > This is not at all a critique of the IDE, but please don't compare the > complexity of "ping" and "fpide"(!) > >> I agree tho that if a wrapper can do it for us it's safest. Or if the >> ide can do it on start, and always setuid(userid) itself right after >> setting the proper things. I don't see a problem with ANY program >> being setuid if it has a proper reason, and is audited for it. > > There is a very serious limit as to how many lines of code one can > audit. A project the size of the IDE is unauditable, given it's size. > This again is not meant to criticize the IDE - any project of the size > is unauditable. > _______________________________________________ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
