[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Running part of the code with superuser privileges
From:       Ingo Krabbe <ikrabbe.ask () web ! de>
Date:       2006-05-29 8:35:47
Message-ID: 200605291035.47954.ikrabbe.ask () web ! de
[Download RAW message or body]

Am Montag, 29. Mai 2006 10:10 schrieb Iván Forcada Atienza:
>
> Well, setuid root is comfortable but: why is the use of kdesu insecure??
> I personally don't like setuid root (no special reason). I prefer the
> use of sudo instead because it allows a more fine-grained permissions
> control.
>

Ouch, no I didn't said that the use of kdesu is insecure, but it is insecure 
to run a process with root privileges that only needs this privileges for a 
small, temporary part.  It is better to isolate the root privileges to a 
small process that has a short lifetime and that you can control better.

I don't know the exact policies of identity switching but the best way to do 
something  is to have clear constraints.
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]