Re: Install program
- From: Steve Dunham <dunham cps msu edu>
- To: Marc Ewing <marc redhat com>, gnome-list gnome org
- Subject: Re: Install program
- Date: 20 Apr 1998 12:25:07 -0400
"Ben 'The Con Man' Kahn" <xkahn@mail.cybersites.com> writes:
> On Sun, 19 Apr 1998, Marc Ewing wrote:
>
> > This won't happen. At least not in grpm. It'd need to be suid root
> > to do that, and there is no way I'm going to do that :-). If you
> > want to install as root, you'll need to su and then run grpm. Or,
> > you can implement any policy you like with sudo.
You could always implement a client/server version of librpm. :)
sudo wouldn't work too well in combination with a secure X setup,
you'd have to pass the cookie too (especially if the user's home
directory is NFS mounted - but anyone authorized to install packages
on a site that large can handle passing cookies around).
> Umm.. Then how does SGI do this? I checked the SGI I have access
> to. I ran SoftwareManager... It started up with a dialog box asking for
> the root password. (Or I could click cancel and it would allow me to
> view data, but not change anything.) I checked the file, and it was not
> suid root or anything else. What is so special about what they're doing
> that we can't do?
SGIs are evil, we don't want to emulate the details, just the idea.
I'm not sure how SGI does it, but I do know that there was a security
hole for a while that went like this: Enter incorrect password for
root, then later run their text editor and you can edit any file as
root.