List: kde-devel
Subject: Re: kcontrol and setuid
From: Christian Esken <c.esken () cityweb ! de>
Date: 1999-06-25 1:22:46
On Tue, 22 Jun 1999 Carlo Robazza wrote:
>Hi there,
>
>I am doing some work on kcontrol and I need a bit of help.
>
>When a user runs kcontrol and tries to modify, for example, the date
>they must enter the root password. They can then modify the date for the
>system. If they then start up another module that requires the root
>password, without having exited kcontrol, they are prompted for the root
>password again. I would like to prevent the user from having to enter
>the root password if they have already done that. In other words, if the
>user has already entered the root password, it stays active until
>kcontrol is closed down.
>
>Any thoughts?
This is very, very difficult.

Here's the easy, but bad way:
Either kcontrol or the corresponding control modules must be SUID root.
Which is very, very, very bad in terms of security --- don't do it.

Here's the better way:
Much better would be a modular concept, where you have a SUID
application starter for minimalistic specialized programs (e.g. one for
setting the clock). This application starter would have to check if
the current user is allowed to use the set-clock program.
Or use a fork-off concept, like today's kppp does.

I repeat: Never ever even think of making a program with GUI suid root.
It will most likely not make it into CVS!

Christian
--
Is Unix ready for the desktop? See http://www.kde.org
The Christian Esken
|/ Desktop KDE Developer
|\ Environment esken@kde.org
KDE - The net transparent free Unix Desktop for everyone
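
A sketch of the "SUID application starter" design described in the message above, as an added example that is not part of the original message or of KDE's code. The helper path, the UID in the grant table and the exit codes are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical task table: each task maps to ONE fixed absolute path of a
 * small, GUI-free helper. Placeholder paths, not KDE's. */
struct helper { const char *task; const char *path; };
static const struct helper HELPERS[] = {
    { "set-clock", "/usr/libexec/example/set-clock" },
};

/* Hypothetical policy (constructed sample): which real UID may run what. */
struct grant { uid_t uid; const char *task; };
static const struct grant GRANTS[] = {
    { 1000, "set-clock" },
};

/* Exact-match lookup; the caller can never supply a path of its own. */
const char *helper_path(const char *task) {
    if (!task) return NULL;
    for (size_t i = 0; i < sizeof HELPERS / sizeof HELPERS[0]; i++)
        if (strcmp(task, HELPERS[i].task) == 0) return HELPERS[i].path;
    return NULL;
}

/* Is this real (invoking) user granted this task? */
int user_allowed(uid_t ruid, const char *task) {
    for (size_t i = 0; i < sizeof GRANTS / sizeof GRANTS[0]; i++)
        if (GRANTS[i].uid == ruid && strcmp(task, GRANTS[i].task) == 0) return 1;
    return 0;
}

/* Path to exec, or NULL to refuse (unknown task or user not granted). */
const char *authorize(uid_t ruid, const char *task) {
    const char *path = helper_path(task);
    return (path && user_allowed(ruid, task)) ? path : NULL;
}

int main(int argc, char **argv) {
    /* Fixed environment: nothing inherited from the unprivileged caller. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    /* In a setuid binary getuid() is still the invoking user's real UID. */
    const char *path = (argc == 2) ? authorize(getuid(), argv[1]) : NULL;
    if (!path) return 77;                 /* refuse before any privileged work */
    char *const args[] = { (char *)path, NULL };  /* no caller-supplied args */
    execve(path, args, clean_env);
    return 126;                           /* exec failed */
}
```

The GUI stays unprivileged and only asks the starter for a named task; the privileged surface is this small lookup plus the single-purpose helper it executes.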