Tim Tassonis timtas at cubic.ch
Sat Jun 30 23:36:02 CEST 2007

Jean-Philippe Guillemin wrote:
> Your reply helped me understand what a login manager is, thank you, I 
> will sleep better tonight :)
> I tried to make you understand the difference between a setuid program 
> and non-setuid program...
> It seems I failed.

Well, no, but you seem to fail to see the difference between a login 
manager and a logged-in root running a program.

My point was that a login manager has some of the same security 
implications as a setuid program: a program running as root, but 
accessible by arbitrary users.

It seems I failed to convince you that's the case. To quote you again:

> A program that can only be started by root is useless for somebody that 
> ... **wants** to be root  ;) 

This just does not apply to a login manager, as it is accessible to a 
non-root user. The fact that it's started by root doesn't make a 
difference. If the login manager runs under root and has an exploitable 
buffer overflow problem in the input handling, anybody allowed to use 
the login manager can trigger it, and then he's root.

But you're right that a setuid program is generally even more exposed to 
attacks as you can also pass parameters and provide it with an 
environment when calling it.

So we might agree on that it's some kind of half-a-setuid-program?


More information about the Xfce4-dev mailing list