jp.guillemin at free.fr
Sun Jul 1 08:36:30 CEST 2007
Many, many programs run as root and get their inputs from users, that's
common, that's the way to do it for many system level tasks, that's not
dangerous as long as input verification is performed and some care is
put in the code.
A setuid program is different in the way it exposes stdin, stdout.
Tim Tassonis wrote:
> Jean-Philippe Guillemin wrote:
>> Your reply helped me understand what a login manager is, thank you, I
>> will sleep better tonight :)
>> I tried to make you understand the difference between a setuid program
>> and non-setuid program...
>> It seems I failed.
> Well, no, but you seem to fail to see the difference between a login
> manager and a logged-in root running a program.
> My point was that a login manager has some of the same security
> implications as a setuid program: a program running as root, but
> accessible by arbitrary users.
> It seems I failed to convince you that's the case. To quote you again:
>> A program that can only be started by root is useless for somebody that
>> ... **wants** to be root ;)
> This just does not apply to a login manager, as it is accessible to a
> non-root user. The fact that it's started by root doesn't make a
> difference. If the login manager runs under root and has an exploitable
> buffer overflow problem in the input handling, anybody allowed to use
> the login manager can trigger it, and then he's root.
> But you're right that a setuid program is generally even more exposed to
> attacks as you can also pass parameters and provide it with an
> environment when calling it.
> So we might agree on that it's some kind of half-a-setuid-program?
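The thread's point that a setuid program receives its stdin/stdout and environment from whoever calls it, shown from the defender's side as an added example (not code from this thread or from Xfce). The function names, the allowlist and the fixed PATH value are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

extern char **environ;

/* Assumed allowlist of caller-supplied variables worth keeping. */
static const char *const KEEP[] = { "TERM", "LANG", "TZ", NULL };
static char env_buf[4][256];    /* PATH plus up to three kept variables */
static char *clean_env[5];

/* Make sure fds 0-2 are open, so a later open() cannot land on them.
 * Returns how many had to be pointed at /dev/null, or -1 on error. */
int ensure_std_fds(void)
{
    int fixed = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                   /* caller left it open */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        if (nfd != fd) {                /* defensive: force the slot */
            if (dup2(nfd, fd) < 0)
                return -1;
            close(nfd);
        }
        fixed++;
    }
    return fixed;
}

/* Replace the inherited environment with a fixed PATH plus allowlisted
 * variables. Call once at startup. Returns the number of kept variables. */
int scrub_environment(void)
{
    int n = 0;
    snprintf(env_buf[n], sizeof env_buf[n], "PATH=/usr/bin:/bin");
    clean_env[n] = env_buf[n];
    n++;
    for (size_t i = 0; KEEP[i] != NULL; i++) {
        const char *v = getenv(KEEP[i]);
        if (v == NULL)
            continue;
        int len = snprintf(env_buf[n], sizeof env_buf[n], "%s=%s", KEEP[i], v);
        if (len < 0 || (size_t)len >= sizeof env_buf[n])
            continue;                   /* oversized value: drop it */
        clean_env[n] = env_buf[n];
        n++;
    }
    clean_env[n] = NULL;
    environ = clean_env;                /* everything else is discarded */
    return n - 1;
}
```

A login manager started by root gets its environment and descriptors from init, so these two steps matter mainly for the setuid case; input read from the user still needs validation in both.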