Re: [Suggestion] Formatting in GMC




Matthias Warkus writes:
>Obviously, gsu could be useful here. Hm... I don't want to rant
>*again*, but what's happened to gsu?

gtk programs that are setuid root aren't considered to be a good
idea.  gtk/gdk/glib/all them engines are not re-audited for security
after every change...

At risk of boring people with something I've posted a few times
before:

In Red Hat Linux, we have a tool which other distributions could
easily pick up as long as they have PAM.  It is a small wrapper
package that has a non-setuid gui part and a tiny setuid non-gui
part that tells the gui part what to display and gets input back
from the gui part.  In addition, the fact that it uses PAM means
that it can be used for nearly arbitrary kinds of authentication.
It *also* happens to work essentially transparently -- the calling
application would run, say, /usr/bin/foo, which would authenticate
the user, then run /usr/sbin/foo.  What's nice is that this can be
set up to ask for passwords, or demand passwords only if the user
is not at the system console, or *however the sysadmin wants it
to be set up on a per-machine AND per-application basis*.  I can
improve the wrapper as needed to meet new needs better; I know of
one improvement I need already...

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
 Linux Application Development     http://people.redhat.com/johnsonm/lad/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]