timtas at cubic.ch
Sat Jun 30 23:36:02 CEST 2007
Jean-Philippe Guillemin wrote:
> Your reply helped me understand what a login manager is, thank you, I
> will sleep better tonight :)
> I tried to make you understand the difference between a setuid program
> and non-setuid program...
> It seems I failed.
Well, no, but you seem to fail to see the difference between a login
manager and a logged-in root running a program.
My point was that a login manager has some of the same security
implications as a setuid program: a program running as root, but
accessible by arbitrary users.
It seems I failed to convince you that's the case. To quote you again:
> A program that can only be started by root is useless for somebody that
> ... **wants** to be root ;)
This just does not apply to a login manager, as it is accessible to a
non-root user. The fact that it's started by root doesn't make a
difference. If the login manager runs under root and has an exploitable
buffer overflow problem in the input handling, anybody allowed to use
the login manager can trigger it, and then he's root.
But you're right that a setuid program is generally even more exposed to
attacks as you can also pass parameters and provide it with an
environment when calling it.
So we might agree on that it's some kind of half-a-setuid-program?
More information about the Xfce4-dev