Ales wrote:
Strawman yes, but if we setuid to userid right after setting the console
stuff, there's nothing left to audit. We're not malicious software
makers so there's no chance anything else could happen? Or am I missing
something here?

eg:

fp starts
fp sets itself to uid 0
fp sets the required things as root
fp sets itself to original userid
fp finishes init

I don't see a problem with that. It's not nice to have a suid binary
requirement, but if there's no other way?

If there's no other way, it would still be nicer to have the suid code in an entirely separate executable. Running any complex program as suid always makes me nervous - and yes, I very much would have second thoughts about even running the IDE at all.

Apart from that, your plan could work. I just really, really hope we find some other way.

--
Regards,
Christian Iversen
_______________________________________________
fpc-devel maillist  -  fpc-devel@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-devel
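
The sequence discussed in this message (do the privileged setup, then return to the original user id) is only safe if the drop is permanent and verified. The C sketch below is an added example, not code from this thread or from Free Pascal. It assumes a binary installed setuid root, and `do_privileged_console_setup` is a hypothetical placeholder for the console work.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical placeholder for "fp sets the required things as root". */
static int do_privileged_console_setup(void) { return 0; }

/* Returns 0 once the process runs permanently as the invoking user,
   -1 on any failure (the caller must then exit, never continue). */
int init_then_drop_privileges(void)
{
    uid_t ruid = getuid();   /* the user who started the program */
    gid_t rgid = getgid();

    /* Step 1: keep the privileged section as short as possible. */
    if (do_privileged_console_setup() != 0)
        return -1;

    /* Step 2: drop the group first; after the uid drop it is too late. */
    if (setgid(rgid) != 0)
        return -1;
    /* With effective uid 0, setuid() replaces the real, effective and
       saved uid, so the saved uid cannot be used to switch back.
       An unchecked failure here would leave the process running as root. */
    if (setuid(ruid) != 0)
        return -1;

    /* Step 3: verify the drop instead of trusting it. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* If root itself started the program there is nothing to drop;
       otherwise regaining uid 0 must now fail. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (init_then_drop_privileges() != 0) {
        fprintf(stderr, "privilege drop failed, aborting\n");
        return 1;
    }
    printf("continuing as uid %ld\n", (long)getuid());
    return 0;
}
```

Everything that runs before the drop, including startup code and library initialisation, still executes as root, which is why a small separate helper executable keeps the audited surface smaller.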
