On Thu, 11 Apr 2002, Grigory Batalov wrote: > What is more safe: > > 1) to start dosemu as 'sudo dosemu' or 'su -c dosemu' > or > 2) make suid-root copy of dosemu.bin and grant permisions > in /etc/dosemu.users to execute it ??
Opinions differ on this. 2) is safer for the users because a suid-root dosemu mostly runs as normal user and only gets the root identity when necessary. So you cannot change files owned by root on lredir'ed drives, for instance. However, the existence of a suid-root dosemu can be a problem if you are afraid of local attacks (normal user trying to become root). DPMI programs in DOSEMU can overwrite DOSEMU's heap and other things (see README.txt). And other problems were just recently found for 1.1.3 and earlier (fixed in 1.1.3.1). I would say that 1) is more secure but 2) is more safe. And of course, we're slowly trying to make non-suid-root dosemu more capable, so you don't need 1) and 2). But then, you want your favourite game to work fullscreen on the console, and that's difficult to do in X :(. Bart - To unsubscribe from this list: send the line "unsubscribe linux-msdos" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
