Re: Using gconf in setuid program?

From: Mark McLoughlin <markmc redhat com>
To: David Zeuthen <david fubar dk>
Cc: gconf-list gnome org
Subject: Re: Using gconf in setuid program?
Date: Wed, 29 Jun 2005 13:30:08 +0100

On Wed, 2005-06-29 at 08:03 -0400, David Zeuthen wrote:
> On Jun 29, 2005, at 3:42 AM, Mark McLoughlin wrote:

> >     In that case, then, you it not make sense for gnome-mount to  
> > just read
> > the policy from GConf and pass it to the helper via the command  
> > line or
> > environment?
> 
> But this would break for mandatory settings because the setuid helper  
> cannot really trust gnome-mount (or anyone else invoking the the  
> setuid helper). So the setuid helper really needs to check this himself.

	Yeah, good point. Forking a process, dropping back to the original uid
and exec()ing gconftool-2 to check the key may be the best option as you
say.

	Thinking it through, I can't see any obvious problems, but it all makes
me fairly nervous.

Cheers,
Mark.

Follow-Ups:
- Re: Using gconf in setuid program?
  - From: David Zeuthen

References:
- Using gconf in setuid program?
  - From: David Zeuthen
- Re: Using gconf in setuid program?
  - From: Mark McLoughlin
- Re: Using gconf in setuid program?
  - From: David Zeuthen
- Re: Using gconf in setuid program?
  - From: Mark McLoughlin
- Re: Using gconf in setuid program?
  - From: David Zeuthen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]