OT: suid programs vs. sudo access (Re: NetworkManager or Wifi-Radar?)

Jean-Christophe jc.sid at free.fr
Tue Jun 17 17:40:02 CEST 2008


> It can be, if done properly.  A sudo entry to run a particular app as 
> root password-less forces you to rely on sudo itself being well behaved 
> and secure.
>
> A binary with perms set to -rwsr-x--- and ownership set to root:foo (and 
> put users allowed to run it in group foo) only relies on the OS's 
> built-in facilities and is certainly no less secure than a password-less 
> sudo entry.  I'd argue it's more secure.
>   
So I did it, and it works: I can launch wpa_gui as $user, but it can't 
configure wpa_supplicant, which is a root process...



More information about the Xfce mailing list