Re: Root Permissions
- From: Robert Bihlmeyer <robbe orcus priv at>
- To: gnome-list gnome org
- Subject: Re: Root Permissions
- Date: 14 Mar 1999 14:11:58 +0100
Hi,
>>>>> On Sat, 13 Mar 1999 02:52:42 +0000
>>>>> "James M. Cape" <jcape@jcinteractive.com> said:
James> "Jesse D . Sightler" wrote:
>>
>> Ever heard the word... Security? :) Somehow I suspect that this
>> would be very difficult to do in a fully secure manner.
It can be done. It's not easy though, and for many problems there are
simpler solutions.
James> I personally don't like the idea of a root session running
James> constantly. In addition, what if said applet crashes? Does it
James> crash the box?
Why should it? You're system is probably at fault if a crashing app
can bring it down. Of course, there's the possibility of a program
running as root going wild (e.g. deleting all files it finds), but the
chances are pretty slim.
James> Or worse, does it leave the session open?
How can it, when it crashes? One potential problem here are core
files. You'd have to instruct your system not to drop them for this
app - or drop them safely. (For reference: Linux seems to refuse
dumping cores for suid binaries).
James> I would like apps which need root permissions to ask
James> for them/prompt for them,
You could simply turn authentication token caching off.
James> but keeping a root session running or keeping the root
James> password unencrypted in memory or a temp file doesn't seem
James> like a good idea.
A password kept in memory can normally only be spied upon by users
having the same uid - root that is. If paging is a problem, prohibit
it with mlock(2).
An alternative to password caching is keeping a slave shell running.
That's just a glorified version of having a root xterm open.
Robbe
--
Robert Bihlmeyer reads: Deutsch, English, MIME, Latin-1, NO SPAM!
<robbe@orcus.priv.at> <http://stud2.tuwien.ac.at/~e9426626/sig.html>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]