Re: cons.saver not suid root

On Wed, Jun 08, 2005 at 05:42:07PM +0200, Koblinger Egmont wrote:
> On Wed, Jun 08, 2005 at 04:49:11PM +0200, Oswald Buddenhagen wrote:
> > we have no portable (even across
> > linuxes) way to create a vcsa user, so there is no other option than
> > root.
> How about not creating a user or group, but observing the installed system?

> IMHO if all the vcsa devices are owned by the same user or same group whose
> uid/gid is below 100, then we could assume that that one is a vcsa-like user
> or group, and install mc setgid or setuid to that particular gid or uid.
the number 100 is 100% arbitrary when looking at the linux landscape.
also, i loathe putting anything more intelligent than
stat("/dev/vcsa0").group == "vcsa"
in the detection logic - _this_ might become a real security hole.

Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Chaos, panic, and disorder - my work here is done.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]