From kde-devel Fri Jun 25 01:22:46 1999
From: Christian Esken
Date: Fri, 25 Jun 1999 01:22:46 +0000
To: kde-devel
Subject: Re: kcontrol and setuid
X-MARC-Message: https://marc.info/?l=kde-devel&m=93027439613882

On Tue, 22 Jun 1999 Carlo Robazza wrote:
>Hi there,
>
>I am doing some work on kcontrol and I need a bit of help.
>
>When a user runs kcontrol and tries to modify, for example, the date
>they must enter the root password. They can then modify the date for the
>system. If they then start up another module that requires the root
>password, without having exited kcontrol, they are prompted for the root
>password again. I would like to prevent the user from having to enter
>the root password if they have already done that. In other words, if the
>user has already entered the root password, it stays active until
>kcontrol is closed down.
>
>Any thoughts?

This is very, very difficult.

Here's the easy, but bad way:
Either kcontrol or the corresponding control modules must be SUID root.
Which is very, very, very bad in terms of security --- don't do it.

Here's the better way:
Much better would be a modular concept, where you have a SUID application
starter for minimalistic specialized programs (e.g. one for setting the
clock). This application starter would have to check if the current user is
allowed to use the set-clock program. Or use a fork-off concept, like
today's kppp does.

I repeat: Never ever even think of making a program with GUI suid root. It
will most likely not make it into CVS!

  Christian

-- 
Is Unix ready for the desktop? See http://www.kde.org
The              Christian Esken
|/ Desktop       KDE Developer
|\ Environment   esken@kde.org
KDE - The net transparent free Unix Desktop for everyone
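
The SUID application starter described in the message above, sketched as an added example (not code from the original post or from KDE). The helper table, the path `/usr/libexec/example/set-clock`, the uid values and the function names `find_helper` and `uid_allowed` are all hypothetical.

```c
/* Added example: authorization core of a minimal setuid starter.
 * Table contents, paths and uids are constructed for illustration. */
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct helper {
    const char  *name;      /* module name requested by the GUI */
    const char  *path;      /* fixed absolute path, never taken from the caller */
    const uid_t *allowed;   /* real uids permitted to run this helper */
    size_t       n_allowed;
};

static const uid_t clock_admins[] = { 1000, 1001 };  /* constructed sample uids */

static const struct helper helpers[] = {
    { "set-clock", "/usr/libexec/example/set-clock", clock_admins, 2 },
};

/* Exact-match lookup: anything not in the table is rejected. */
const struct helper *find_helper(const char *name)
{
    if (name == NULL) return NULL;
    for (size_t i = 0; i < sizeof helpers / sizeof helpers[0]; i++)
        if (strcmp(helpers[i].name, name) == 0) return &helpers[i];
    return NULL;
}

/* Return 1 if the real uid may run the helper, otherwise 0. */
int uid_allowed(const struct helper *h, uid_t ruid)
{
    if (h == NULL) return 0;
    for (size_t i = 0; i < h->n_allowed; i++)
        if (h->allowed[i] == ruid) return 1;
    return 0;
}

int main(int argc, char **argv)
{
    /* The caller's environment is discarded; the helper gets a fixed one. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    const struct helper *h = (argc == 2) ? find_helper(argv[1]) : NULL;
    if (!uid_allowed(h, getuid()))      /* getuid() is the real uid of the invoking user */
        return 1;
    char *const args[] = { (char *)h->path, NULL };
    execve(h->path, args, clean_env);   /* returns only on failure */
    return 1;
}
```

The GUI stays unprivileged and only asks the starter for a module by name; the starter decides from its own table what runs and for whom.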