[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Running part of the code with superuser privileges
From: Ingo Krabbe <ikrabbe.ask () web ! de>
Date: 2006-05-29 8:35:47
Message-ID: 200605291035.47954.ikrabbe.ask () web ! de
[Download RAW message or body]
Am Montag, 29. Mai 2006 10:10 schrieb Iván Forcada Atienza:
>
> Well, setuid root is comfortable but: why is the use of kdesu insecure??
> I personally don't like setuid root (no special reason). I prefer the
> use of sudo instead because it allows a more fine-grained permissions
> control.
>
Ouch, no I didn't said that the use of kdesu is insecure, but it is insecure
to run a process with root privileges that only needs this privileges for a
small, temporary part. It is better to isolate the root privileges to a
small process that has a short lifetime and that you can control better.
I don't know the exact policies of identity switching but the best way to do
something is to have clear constraints.
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic