NetworkManager or Wifi-Radar?
Greg Folkert
greg at gregfolkert.net
Fri Jun 13 22:21:48 CEST 2008
On Fri, 2008-06-13 at 10:54 -0700, Grant McWilliams wrote:
> gag, cough sputter. An SUID program is better than a SUDO entry????
> I'm going to use this thread for my Linux Host System Security class
> on Tuesday!
>
> Grant
Have fun pointing out the whole reliance on SUDO and other many
mechanisms. Shoe-horning in another program named that with a
possibility to replace the Binary regardless of it being the right one.
and doing its bad work.
At least with the proper groups and proper right assigned to them, you;d
get MUCH less collateral damage.
Don't forget that, SUID/GUID programs have their place, this may just be
one of them.
Come on, there are always two sides to this stuff. There are other
alternatives as well.
> On Fri, Jun 13, 2008 at 6:49 AM, Greg Folkert <greg at gregfolkert.net>
> wrote:
> On Fri, 2008-06-13 at 14:31 +0200, Jean-Christophe wrote:
> > I found this thread and I could suggest another soft:
> wpa_gui, which is
> > the most highly capable I found.
> > I made a hotkey launching 'sudo wpa_gui' (it must be
> launched as root)
> > and added 'ALL ALL=NOPASSWD: /usr/sbin/wpa_gui' to
> sudoers with visudo.
>
>
> I know many people hate SUID programs... but rather than make
> a grievous
> SUDOERS ENTRY like that...
>
> Why not make the program SUID and owned by root? Or at least
> GUID and
> proper groups memberships for the running user.
--
greg at gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0
Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://mail.xfce.org/pipermail/xfce/attachments/20080613/c3cffa2f/attachment.pgp>
More information about the Xfce
mailing list