On Thu, Jan 02, 2003 at 03:56:39PM -0700, Craig Kelley wrote:
> On Thu, 2 Jan 2003, Steve Langasek wrote:
> > On Thu, Jan 02, 2003 at 02:23:09PM -0700, Craig Kelley wrote:
> > > > I consider confusing smbpasswd with the Unix passwd command a sign that
> > > > one doesn't really have that much knowledge, at least where smbpasswd
> > > > itself is concerned. It's easy to jump to the conclusion that smbpasswd
> > > > needs root privs to make changes to the smbpasswd file -- it does not --
> > > > and the program has *not* been audited for use as an suid program, so
> > > > it's dangerous to treat it the same as passwd.
> > > >
> > > > So if someone can run smbpasswd indirectly from an suid wrapper, there's
> > > > still a high potential for security problems, the same as if smbpasswd is
> > > > suid itself. If you need to let users call smbpasswd in an suid root
> > > > context, your wrapper should do its own vetting of the user input and
> > > > then assume full root privileges.
> > >
> > > Then let's add suid checking to every program.
> >
> > Most programs don't have the problem of people assuming they're analogous
> > to other suid programs.
>
> Most people who understand how to bless suid powers on an executable
> are familiar with the ramifications of doing so.

Are you hiring? Wherever you got this idea is somewhere I think I'd like
to be. ;)

Cheers,
--
Steve Langasek
postmodern programmer
