[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Excessive root usage in Debian

John Goerzen wrote:
> We run all sorts of things as root that really shouldn't.  We run
> sendmailconfig, a big shell script that invokes m4, makemap, and
> various other programs as root.  Few of the things that script does
> should be run as root.  There's no sane reason to run m4 as root.
> Nobody has even audited tthese things for security for running as
> root!

There's very little point in auditing programs that run as root unless they

a) Take input form some source a non-root user might control.
b) Can be started as root by a non-root user.

AFIAK neither a or b is true of m4 or makemap or sendmailconfig, or
update-menus for that matter (though you have a point aboutr resource limits).

see shy jo

Reply to: