People's reaction to this is just stupid.

Posted Nov 19, 2009 23:40 UTC (Thu) by drag (subscriber, #31333)
In reply to: People's reaction to this is just stupid. by dlang
Parent article: Fedora 12 lets unprivileged users install packages

Sure.

Having setuid root binaries is a security problem in itself, period, and that sort of thing should be eliminated...

People's reaction to this is just stupid.

Posted Nov 20, 2009 0:44 UTC (Fri) by gmaxwell (subscriber, #30048) [Link]

At least suid is trivially auditable (find!) and there is decades of established practices, policy, and procedures in dealing with it. I can walk into any library or bookstore and find books on securing systems that cover the subject of SUID binaries and that knowledge and experience is generally portable, not just to all GNU/Linux distributions but across unixes in general.

Eliminating SUID by replacing it with controls buried in a windows-registry like database isn't necessarily an improvement.
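gmaxwell's point that setuid is trivially auditable with find, as an added example that is not code from this thread: a POSIX shell script that snapshots the setuid/setgid files under a tree and reports any that appear or vanish relative to a saved baseline. The tree and baseline paths are arguments chosen by the caller.

```shell
#!/bin/sh
# Added example: audit setuid/setgid binaries with find and compare the
# result against a saved baseline. Uses only POSIX find, sort, comm, diff, sed.

# List setuid or setgid regular files under tree $1, one per line, sorted
# with a fixed locale so the output is stable and usable by comm.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null \
        | LC_ALL=C sort
}

# Save a baseline snapshot of tree $1 into file $2.
save_baseline() {
    list_suid "$1" > "$2"
}

# Compare the current state of tree $1 against baseline file $2.
# Prints '+ path' for setuid/setgid files not in the baseline and '- path'
# for baseline entries that are gone. Returns 0 if nothing changed, 1 otherwise.
check_suid() {
    tmp=$(mktemp)
    list_suid "$1" > "$tmp"
    status=0
    if ! diff "$2" "$tmp" > /dev/null; then
        status=1
        comm -13 "$2" "$tmp" | sed 's/^/+ /'   # present now, absent from baseline
        comm -23 "$2" "$tmp" | sed 's/^/- /'   # in baseline, gone now
    fi
    rm -f "$tmp"
    return $status
}
```

Run `save_baseline / /var/lib/suid.baseline` once on a known-good system and `check_suid / /var/lib/suid.baseline` from a periodic job; a non-zero exit means the set of privileged binaries changed.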

People's reaction to this is just stupid.

Posted Nov 20, 2009 1:21 UTC (Fri) by drag (subscriber, #31333) [Link]

Eliminating SUID by replacing it with controls buried in a windows-registry like database isn't necessarily an improvement.

Not always, of course. But I think in the case of policykit and the other *kits it is.

This is simply because it should be unnecessary to perform normal desktop operations without resorting to running privileged code under a user's account. These things eliminate that for common cases.

I don't think that sudo/su should be eliminated for everything. It should be reserved as an administrative tool, and users should only be required to be prompted for the root password or run root code under their account in special cases. I think that the case of installing/updating software is such a mundane and everyday event that invoking the root password or running code as root diminishes the security of the typical desktop scenario when an alternative exists.

Now for managed desktops then that sort of activity should be forbidden, which is easy enough to accomplish through packagekit/policykit.

(also I don't consider storing policy as XML files in directories to be anything like the negative things the windows registry does...)

I do think that having this default spread to _all_ user accounts by default is a bad idea, though.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds