Re: GNOME privilege library

From: Sean Middleditch <elanthis awesomeplay com>
To: Xavier Bestel <xavier bestel free fr>
Cc: Desktop Devel <desktop-devel-list gnome org>
Subject: Re: GNOME privilege library
Date: Thu, 13 Jan 2005 12:48:17 -0500

On Thu, 2005-01-13 at 18:06 +0100, Xavier Bestel wrote:
> Le jeudi 13 janvier 2005 à 11:26 -0500, Sean Middleditch a écrit :
> > Additionally, the registration can note with processes can use which
> > backend.  /usr/libexec/gnome-procman-renice is only registered
> > to /usr/bin/gnome-procman, for example.  If ~/Downloads/random-trojan
> > tries to use it the API would refuse, until the administrator granted
> > that binary access.
> 
> Isn't this easily defeated with a bit of LD_PRELOAD magic ?

No.  In order to start any of these with privileges, you need a
privileged helper program - i.e., setuid.  LD_PRELOAD is disabled for
setuid binaries.

> 	Xav
> 
> 
>

Follow-Ups:
- Re: GNOME privilege library
  - From: Xavier Bestel

References:
- GNOME privilege library
  - From: Sean Middleditch
- Re: GNOME privilege library
  - From: Xavier Bestel

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]