Re: Using gconf in setuid program?

From: David Zeuthen <david fubar dk>
To: Mark McLoughlin <markmc redhat com>
Cc: gconf-list gnome org
Subject: Re: Using gconf in setuid program?
Date: Thu, 30 Jun 2005 00:20:56 -0400


On Jun 29, 2005, at 8:30 AM, Mark McLoughlin wrote:

But this would break for mandatory settings because the setuid helper
cannot really trust gnome-mount (or anyone else invoking the the
setuid helper). So the setuid helper really needs to check thishimself.
Yeah, good point. Forking a process, dropping back to theoriginal uidand exec()ing gconftool-2 to check the key may be the best optionas you
say.
Thinking it through, I can't see any obvious problems, but itall makes
me fairly nervous.

Me too. Also, and this is pure speculation on my part, sincegconftool-2 is a simple wrapper for libgconf I guess it comes down towhether gconf is secure? E.g. if someone can fool gconftool-2 toignore mandatory settings you should be able to fool the rest of thedesktop too, right?

Btw, some notes in the docs about all this may be helpful, but Idon't know the specifics well enough to provide a patch :-)

However, returning to my specific application, the setuid helper willhave additional checks, e.g. on systems with pam_console we'll bailout early if the user is not at the console and I suppose OS'eswithout this can provide similar checks. So I'm not totally nervous.


Cheers,
David

References:
- Using gconf in setuid program?
  - From: David Zeuthen
- Re: Using gconf in setuid program?
  - From: Mark McLoughlin
- Re: Using gconf in setuid program?
  - From: David Zeuthen
- Re: Using gconf in setuid program?
  - From: Mark McLoughlin
- Re: Using gconf in setuid program?
  - From: David Zeuthen
- Re: Using gconf in setuid program?
  - From: Mark McLoughlin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]