timtas at cubic.ch
Sun Jul 1 13:59:11 CEST 2007
Jean-Philippe Guillemin wrote:
> Many, many programs run as root and get their inputs from users, that's
> common, that's the way to do it for many system level tasks, that's not
> dangerous as long as input verification is performed and some care is
> put in the code.
Yes, and this of course does not apply to setuid root programs...
And yes: many, many programs run as root and get their input from normal
users, definitely! Apart from setuid root programs, network daemons come
to my mind, and they never have any security issues, I know...
> A setuid program is different in the way it exposes stdin, stdout.
Stdin is just another way of input, where's the fundamental difference
to keyboard input?