On Wed, 18 Jun 2014, Jason KG4WSV wrote:

> > chmod 4755 /usr/local/bin/xastir
>
> This is not a good idea - from a security standpoint it's very bad, and unless
> xastir is designed to drop/escalate the euid as needed you will end up with
> files in the user's directory that are owned by root, leading to other problems.

Xastir does this, but would you want to trust security of your system to a 
bunch of hobbyists?  ;-)

We do what we can, but I wouldn't say Xastir has been thoroughly gone through 
from a security standpoint.  It's better than a lot of programs, as we took 
care when writing/modifying that portion of code, but there are no guarantees.


> The problem isn't xastir, it's ax25 networking. Maybe someone can offer a fix
> (e.g. udev rule) to solve the actual problem?

Technically it isn't a problem:  The AX.25 networking port is implemented 
similarly to ethernet ports in terms of permissions.

For Xastir to be able to access the port, it needs root privileges.  Since it is a bad 
idea to run Xastir as root, you run it as a normal user but do the "chmod 4755" 
thing against the executable.  Hopefully those people who run that command have some idea 
of the implications to security.  Because of this it was decided NOT to put it into the 
script.  Those that need it can run the command separately, and hopefully read up on what 
it means prior.

--
Curt, WE7U.        http://wetnet.net/~we7u
APRS Client Capabilities:  http://wetnet.net/~we7u/aprs_capabilities.html
_______________________________________________
Xastir mailing list
[email protected]
http://xastir.org/mailman/listinfo/xastir
