OT: suid programs vs. sudo access (Re: NetworkManager or Wifi-Radar?)
Robby Workman
xfce at rlworkman.net
Sat Jun 14 03:47:03 CEST 2008
Brian J. Tarricone wrote:
> Grant McWilliams wrote:
>> gag, cough sputter. An SUID program is better than a SUDO entry???? I'm
>> going to use this thread for my Linux Host System Security class on Tuesday!
>
> It can be, if done properly. A sudo entry to run a particular app as
> root password-less forces you to rely on sudo itself being well behaved
> and secure.
>
> A binary with perms set to -rwsr-x--- and ownership set to root:foo (and
> put users allowed to run it in group foo) only relies on the OS's
> built-in facilities and is certainly no less secure than a password-less
> sudo entry. I'd argue it's more secure.
>
> Though really, the security concerns of using suid vs. sudo are dwarfed
> by those of running a GUI app as root. wpa_gui uses Qt, right? Care to
> audit all of Qt for security issues?
Okay, don't go throwing logic and reasoning into the whole suid binary
discussion - Chicken Little will be disappointed...
-RW
More information about the Xfce
mailing list