Date:      Fri, 19 Oct 2001 15:35:10 -0400
From:      Zvezdan Petkovic <zvezdan@CS.WM.EDU>
To:        security@FreeBSD.ORG
Subject:   Re: KCheckPass -- make it setuid root or not?
Message-ID:  <20011019153510.A3031@corona.cs.wm.edu>
In-Reply-To: <20011019133826.O4565-100000@palanthas.neverending.org>; from ftobin@neverending.org on Fri, Oct 19, 2001 at 01:41:34PM -0400
References:  <20011019120706.T25747@squall.waterspout.com> <20011019133826.O4565-100000@palanthas.neverending.org>

On Fri, Oct 19, 2001 at 01:41:34PM -0400, Frank Tobin wrote:
> Will Andrews, at 12:07 -0500 on 2001-10-19, wrote:
> 
>    OK, so I keep getting mail every now and then from people who can't
>    figure out why kcheckpass / kscreensaver won't authenticate their
>    password(s).  It's because I decided to play it safe and made
>    kcheckpass non setuid root, which it needs in order to call
>    getpwnam().
> 
> Why would you choose to make it non setuid root?  Isn't the warning that
> is associated with all setuid-installed programs enough?  Not installing
> it setuid-root would be like installing sudo without setuid; it's
> pointless without the bit set.
> 

Or a similar reasoning: Is it any safer to have xterm or rxvt run as
suid than kcheckpass?

-- 
Zvezdan Petkovic <zvezdan@cs.wm.edu>
http://www.cs.wm.edu/~zvezdan/
