Hallo Ivanko,
Du schriebst am Sun, 12 Aug 2012 01:31:41 +0500:
> running via the SUID bit or 2) running
> ========
> Baf, very bad practice.
^d >-]
> =========
> Not too if provided by distro that's won't be replaceable by non-root
> users & its functionality doesn't allow it to replace oneself with a
> malware or bugged version etc.
_AND_ if the application has been thoroughly tested to be trustworthy, and
reliably so.
Ad that's certainly _not_ the case for an application such as MSE-IDE, Not
because it might not trustworthy itself, but because for one it is an X11
application and because it might invoke other applications itself and
communicate with background processes.
> For instance, PPPD, PING ... are SUID utilities AFAIK.
Perhaps ping might be, but certainly not pppd - no deamon needs to be suid
root, because they're usually invoked by root anyway. There may be some
that are suid another user, because that's their working account separate
from root, but most switch to their working account themselves (which is a
one-way switch - they cannot switch back).
--
(Weitergabe von Adressdaten, Telefonnummern u.ä. ohne Zustimmung
nicht gestattet, ebenso Zusendung von Werbung oder ähnlichem)
-----------------------------------------------------------
Mit freundlichen Grüßen, S. Schicktanz
-----------------------------------------------------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mseide-msegui-talk mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mseide-msegui-talk
