Re: Proposed modules: my consensus so far



Today at 17:56, Mark McLoughlin wrote:

> 	What I'm getting at is that, in this case, it appears to me a "this
> program should prompt for the root password at startup" interface works
> out better than a "run this program as root" API[1].

Except that it doesn't sound too nice to have your root password
lurking around the memory in cleartext or reversable hash form (so it
could be used for actual su calls) for entire program lifetime—if I
didn't miss anything.

Of course, this can easily be solved if all the programs are
specially installed and ran, what you seem to be hinting at (probably
what usermode does anyway), so that separate program keeps track of
who's "privileged" (has entered the password), and has enough
privileges to run any program whatsoever (ok, this can be more
verbose, but with it comes a greater risk of fauly program).  Such
program would have to be throughoutly tested for security though.

I admit I don't know much about usermode, but is this what it
provides?  If not, I'd feel much better with "ask me for password
every time" than unaudited software having all the privileges (since
it seems a consensus that we need a way to run programs with elevated
privileges).

Cheers,
Danilo



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]