Date: Fri, 19 Oct 2001 13:41:34 -0400 (EDT)
From: Frank Tobin <ftobin@neverending.org>
To: Will Andrews <will@physics.purdue.edu>
Cc: security@FreeBSD.ORG
Subject: Re: KCheckPass -- make it setuid root or not?
Message-ID: <20011019133826.O4565-100000@palanthas.neverending.org>
In-Reply-To: <20011019120706.T25747@squall.waterspout.com>

Will Andrews, at 12:07 -0500 on 2001-10-19, wrote:

> OK, so I keep getting mail every now and then from people who can't
> figure out why kcheckpass / kscreensaver won't authenticate their
> password(s). It's because I decided to play it safe and made
> kcheckpass non setuid root, which it needs in order to call
> getpwnam().

Why would you choose to make it non setuid root? Isn't the warning that is associated with all setuid-installed programs enough? Not installing it setuid-root would be like installing sudo without setuid; it's pointless without the bit set.

You can't count on the warning messages to get to the user; if someone goes to ports/x11/kde2, and does "make install", the message is going to be buried in the middle of compiling kdelibs, kdebase, kdemultimedia, kdenetwork, etc.

--
Frank Tobin
http://www.neverending.org/~ftobin/