xfdm

Jean-Philippe Guillemin jp.guillemin at free.fr
Sat Jun 30 17:14:48 CEST 2007 

Tim Tassonis wrote:
> Jean-Philippe Guillemin wrote:
>   
>> Tim Tassonis wrote:
>>     
>>> Hi Auke
>>>
>>>   
>>>       
>>>> that should not be the case... a login manager should run *as* root but 
>>>> certainly not be setuid root.
>>>>     
>>>>         
>>> Of course, you are right. But it doesn't really matter. The point is 
>>> that a user sits in front of a program that runs as root, but the user 
>>> is not root. That results in the same implications as a setuid program.
>>>   
>>>       
>> Not really :
>> - A suid program can be launched by Bill and will run as if Bill was root.
>> - A 754 root:root program can only be started by root. It makes a big 
>> difference.
>>     
>
> The problem is: The login program will be started autamotically, bill 
> doesn't even have to start it to in order to use it.
>
>   
>> If the suid program has an exploitable buffer overflow problem : anybody 
>> getting unprivileged access to the computer can launch the suid program 
>> with appropriate shell code, and then he's root.
>>     
>
> Same here: Anybody getting the login screen translates to any person 
> getting the login screen. Fewer people will be able to, but that's not 
> the point. In an office, this will be anybody being able to walk to the 
> computer and switch it on.
>
>   
>> A program that can only be started by root is useless for somebody that 
>> ... **wants** to be root ;)
>>     
>
> The login program is started automotically, you don't even _have_ to 
> start it. That's the point of a login manager.
>
>
> I still think it's exactly the same as a setuid root program.
>   

Your reply helped me understand what a login manager is, thank you, I 
will sleep better tonight :)

I tried to make you understand the difference between a setuid program 
and non-setuid program...

It seems I failed.

JP

>
> Bye
> Tim
>
>
>
>   
>> JP
>>
>>
>> _______________________________________________
>> Xfce4-dev mailing list
>> Xfce4-dev at xfce.org
>> http://foo-projects.org/mailman/listinfo/xfce4-dev
>>     
>
> _______________________________________________
> Xfce4-dev mailing list
> Xfce4-dev at xfce.org
> http://foo-projects.org/mailman/listinfo/xfce4-dev
>

More information about the Xfce4-dev mailing list