[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Running part of the code with superuser privileges
From: Iván Forcada Atienza <ivan () swscanner ! org>
Date: 2006-05-28 23:04:36
Message-ID: 20060528230436.GA23108 () masao ! forcada ! info
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[dom, 28 may 2006 19:56:17 +0200] - Albert Astals Cid:
> > Setuid root isn't allowed in KDE applications. The KApplication
> > constructor will abort the application.
>
> Well, kppp is setuid root AFAIK
> IIRC what it does is:
> * fork a process that does the privileged work
Does it starts as an unprivileged user and then forks a privileged
process?? Is it possible?? If I understood well, It's not possible. I'll
take a look at the source code.
> * drop privileges
> * create the KApplication
>
> But you can have a more real description looking at its sources :D
Thanks!! ;-)))
> Albert
>
> >
> > If you need to have root privileges, you need to either run as root, or
> > have a separate process to do your privileged work, which you can launch
> > with kdesu.
> >
> > >If it were me I'd just have a separate program that handles interfacing
> > > with the network stuff, and only with the network stuff. Have it
> > > setuid root and call it as necessary. And before I do any of this, I'd
> > > read the Secure Linux and UNIX Programming HOWTO by David Wheeler:
> > >http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
> >
> > Good advice.
>
> >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
>
--
__________________________________________________________________
Iván Forcada Atienza:
correo: ivan@forcada.info
jabber: ivanfor@jabber.guadawireless.org
------------------------------------------------------------------
Nodo guada21 en GuadaWireless usando Debian GNU/Linux:
http://el21.guadawireless.net
------------------------------------------------------------------
"Software is like sex: it's better when it's free" (Linus Torvalds)
[Attachment #5 (application/pgp-signature)]
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic