Steve Langasek wrote: > No, that would be a security hole. Even making it setgid disk would be a > security hole, since the disk group has write access to all disk devices. I didn't mean a simple wrapper around the binary, I meant a wrapper around the binary with a specific set of arguments, locking the used to a single read-only operation (which seems to be what the front end needs). Now that you mention it, my original thought would still pose a security threat in case the fdisk could somehow be exploited through the wrapper, but then again this is precisely the same level of security any other setuid binary in the system has. Cheers -- Leo "costela" Antunes [insert a witty retort here]
Attachment:
signature.asc
Description: OpenPGP digital signature