NetworkManager or Wifi-Radar?

Greg Folkert greg at gregfolkert.net
Fri Jun 13 22:21:48 CEST 2008


On Fri, 2008-06-13 at 10:54 -0700, Grant McWilliams wrote:
> gag, cough sputter. An SUID program is better than a SUDO entry????
> I'm going to use this thread for my Linux Host System Security class
> on Tuesday!
> 
> Grant

Have fun pointing out the whole reliance on SUDO and other many
mechanisms. Shoe-horning in another program named that with a
possibility to replace the Binary regardless of it being the right one.
and doing its bad work.

At least with the proper groups and proper right assigned to them, you;d
get MUCH less collateral damage.

Don't forget that, SUID/GUID programs have their place, this may just be
one of them.

Come on, there are always two sides to this stuff. There are other
alternatives as well.

> On Fri, Jun 13, 2008 at 6:49 AM, Greg Folkert <greg at gregfolkert.net>
> wrote:
>         On Fri, 2008-06-13 at 14:31 +0200, Jean-Christophe wrote:
>         > I found this thread and I could suggest another soft:
>         wpa_gui, which is
>         > the most highly capable I found.
>         > I made a hotkey launching 'sudo wpa_gui' (it must be
>         launched as root)
>         > and added 'ALL     ALL=NOPASSWD: /usr/sbin/wpa_gui' to
>         sudoers with visudo.
>         
>         
>         I know many people hate SUID programs... but rather than make
>         a grievous
>         SUDOERS ENTRY like that...
>         
>         Why not make the program SUID and owned by root? Or at least
>         GUID and
>         proper groups memberships for the running user.

-- 
greg at gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0  2B3A ED66 6971 B524 687C
Alternate Fingerprint: 09F9 1102 9D74  E35B D841 56C5 6356 88C0
Alternate Fingerprint: 455F E104 22CA  29C4 933F 9505 2B79 2AB2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://mail.xfce.org/pipermail/xfce/attachments/20080613/c3cffa2f/attachment.pgp>


More information about the Xfce mailing list