OT: suid programs vs. sudo access (Re: NetworkManager or Wifi-Radar?)

Robby Workman xfce at rlworkman.net
Sat Jun 14 03:47:03 CEST 2008


Brian J. Tarricone wrote:
> Grant McWilliams wrote:
>> gag, cough sputter. An SUID program is better than a SUDO entry???? I'm
>> going to use this thread for my Linux Host System Security class on Tuesday!
> 
> It can be, if done properly.  A sudo entry to run a particular app as 
> root password-less forces you to rely on sudo itself being well behaved 
> and secure.
> 
> A binary with perms set to -rwsr-x--- and ownership set to root:foo (and 
> put users allowed to run it in group foo) only relies on the OS's 
> built-in facilities and is certainly no less secure than a password-less 
> sudo entry.  I'd argue it's more secure.
> 
> Though really, the security concerns of using suid vs. sudo are dwarfed 
> by those of running a GUI app as root.  wpa_gui uses Qt, right?  Care to 
> audit all of Qt for security issues?


Okay, don't go throwing logic and reasoning into the whole suid binary
discussion - Chicken Little will be disappointed...

-RW
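As an added example that is not part of the original thread: a small Python check that a binary actually matches the root:foo `-rwsr-x---` layout described in the quoted message. The function names and the sample gid 1001 standing in for group foo are assumptions made for illustration.

```python
import os
import stat

def audit_suid_mode(mode, uid, gid, expected_gid):
    """Return deviations from the root:<group> -rwsr-x--- layout (empty list = matches)."""
    findings = []
    if not stat.S_ISREG(mode):
        findings.append("not a regular file")
    if uid != 0:
        findings.append("owner is not root")
    if not mode & stat.S_ISUID:
        findings.append("suid bit is not set")
    if gid != expected_gid:
        findings.append("group is not the restricted group")
    if mode & stat.S_IWGRP:
        findings.append("group write bit set (expected r-x)")
    if mode & stat.S_IRWXO:
        findings.append("'other' has permissions (expected ---)")
    if mode & stat.S_ISGID:
        findings.append("sgid bit set (not part of the described layout)")
    return findings

def audit_path(path, expected_gid):
    """Stat a real file (without following symlinks) and audit it.

    Returns (ls-style mode string, findings).
    """
    st = os.lstat(path)
    return stat.filemode(st.st_mode), audit_suid_mode(
        st.st_mode, st.st_uid, st.st_gid, expected_gid)

if __name__ == "__main__":
    FOO_GID = 1001  # assumed gid of group "foo"
    # Constructed samples: (mode, uid, gid)
    samples = [
        (0o104750, 0, FOO_GID),     # the layout from the thread
        (0o104755, 0, FOO_GID),     # world-executable: group restriction lost
        (0o104770, 0, FOO_GID),     # group-writable
        (0o100750, 0, FOO_GID),     # suid bit missing
        (0o104750, 1000, FOO_GID),  # suid, but owned by a normal user
    ]
    for mode, uid, gid in samples:
        print(stat.filemode(mode), uid, gid,
              audit_suid_mode(mode, uid, gid, FOO_GID) or "OK")
```
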


