Re: Using gconf in setuid program?
- From: David Zeuthen <david fubar dk>
- To: Mark McLoughlin <markmc redhat com>
- Cc: gconf-list gnome org
- Subject: Re: Using gconf in setuid program?
- Date: Thu, 30 Jun 2005 00:20:56 -0400
On Jun 29, 2005, at 8:30 AM, Mark McLoughlin wrote:
But this would break for mandatory settings because the setuid helper
cannot really trust gnome-mount (or anyone else invoking the the
setuid helper). So the setuid helper really needs to check this
himself.
Yeah, good point. Forking a process, dropping back to the
original uid
and exec()ing gconftool-2 to check the key may be the best option
as you
say.
Thinking it through, I can't see any obvious problems, but it
all makes
me fairly nervous.
Me too. Also, and this is pure speculation on my part, since
gconftool-2 is a simple wrapper for libgconf I guess it comes down to
whether gconf is secure? E.g. if someone can fool gconftool-2 to
ignore mandatory settings you should be able to fool the rest of the
desktop too, right?
Btw, some notes in the docs about all this may be helpful, but I
don't know the specifics well enough to provide a patch :-)
However, returning to my specific application, the setuid helper will
have additional checks, e.g. on systems with pam_console we'll bail
out early if the user is not at the console and I suppose OS'es
without this can provide similar checks. So I'm not totally nervous.
Cheers,
David
[
Date Prev][
Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]