Re: GNOME and superuser (privilege raising) integration
- From: Sean Middleditch <elanthis awesomeplay com>
- To: desktop-devel-list gnome org
- Subject: Re: GNOME and superuser (privilege raising) integration
- Date: 14 May 2003 10:08:36 -0400
On Wed, 2003-05-14 at 09:51, Hongli Lai wrote:
> On Wednesday 14 May 2003 15:12, Sean Middleditch wrote:
> > > They don't have to be setuid root. They just talk to su/sudo.
> >
> > Right. I thought you wanted a bunch of different backends? PAM on some
> > systems, su on others, etc.? To get the full flexibility of PAM when
> > available? (Since su is rather, well, black and white.)
>
> Maybe you'll understand it better if you take a look at the source code.
Right. Missed the link to that in the original mail. ^^;
Your PAM backend rather worries me. First, you are checking for a PAM
entry - you are only using the /etc/pam.d, which is platform specific
(notably, most PAM platforms, and Linux can do this too, uses a single
file for all apps.) Also, that ignores the fact that PAM works
perfectly well without an entry - the "other" entry is just used
instead.
Second, what is the reason for using /bin/sh ? I can't think of any
reason to open that security hole without the user/app specifically
requesting an app to be run thru a shell. I might be missing a specific
use case, tho. ;-)
Still a bit leary about using console helper, since so few distros ship
it, but perhaps that will change.
> _______________________________________________
> desktop-devel-list mailing list
> desktop-devel-list gnome org
> http://mail.gnome.org/mailman/listinfo/desktop-devel-list
>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
