RE: Package Manager Denies Permission to Install

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2009-01-21 at 11:36 +0100, Kevin Kofler wrote:
> That stuff affects setuid, i.e. where you're giving out blanket
> permission to *anyone* to run code as root.

Right.

> What we're talking about in this thread is somebody who knows the root
> password logging in as root on their own machine and running the
> entire session as root. Quite a different scenario from a security
> perspective.

Sure, but my point if that GTK code is untrusted, and just not designed
to be run with elevated privileges. A buffer-overflow is an easy exploit
if the code is running as uid 0, whether running as setuid or as root.

Point taken tho.

Richard.


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux