
Re: RFC: it's so easy ...



On Thu, Sep 21, 2000 at 01:43:05AM +0200, Daniele Cruciani wrote:
> 
> Sorry, I think there was a misunderstanding here, I wasn't talking about
> a possible bug of RH, but of a possible facility...
> 
> I've missed something: before starting the program that requires root
> privileges, RH starts a program for asking root's password, and next (if
> the given password is correct) it starts root's program.

it would be better for the configuration program to run unprivileged
as the user, ask the user for the root password and run a small non-X
backend program which checks the root password and takes care of the
privileged operations.

ideally this small module doing the privileged operations should use
pam, so things like pam_wheel can be used to prevent random schmuts
from messing around with configuration utils.  this module should be
the thing asking the password (perhaps an interface where the GUI app
displays a dialog but the password is passed to the module, similar to
ssh-askpass) 

running X based programs as root is evil, and should be avoided at all
costs.  (recently pointed out by bugs found in xlib, where there are
surely many, many more)

> So, actually the program is launched by root, but the facility is that
> it isn't needed to open a terminal emulator, su and start a program.

yes, this is a poor method anyway for security reasons.  X based
software should never be run as root.

> This scenario is for a desktop user, who could be afraid of a textual
> interface and doesn't want to log in as root ... but it is also for a lazy
> person who prefers the simple way to the hard one, when/if possible.

Apple's MacOSX (at least server, not sure if the client does it the
same) has graphical configuration programs that any user may run, but
privileged configurations (such as the network panel) are read-only
unless the user clicks a lock icon in the window, the program then
asks for the root password (if the user is a member of group wheel i
think) and once supplied the read-only configuration screen becomes
read-write.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
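
An added example, not part of the original message or of any Red Hat, Debian or Apple tool: the request loop of the small non-X backend described above, in Python. The line protocol, the operation names and the `authenticate`/`apply_op` callbacks are assumptions; `authenticate` stands in for a PAM stack such as pam_wheel plus the root password check.

```python
import re

# Allow-list of privileged operations and the argument syntax each accepts.
# Operation names and patterns are hypothetical, constructed for this example.
ALLOWED_OPS = {
    "set-hostname": re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"),
    "set-timezone": re.compile(r"[A-Za-z_]+(/[A-Za-z_]+){0,2}"),
}
MAX_LINE = 256  # refuse oversized input instead of buffering it


def run_backend(user, channel, authenticate, apply_op):
    """Serve one session on `channel`, a binary stream from the unprivileged GUI.

    Line 1 is the root password (sent over the pipe, never argv or the
    environment, as with ssh-askpass). Each later line is "<operation> <arg>".
    `authenticate(user, password)` is an assumed stand-in for the PAM stack;
    `apply_op(op, arg)` performs the privileged change.
    Returns the list of status lines sent back to the GUI.
    """
    first = channel.readline(MAX_LINE + 1)
    if len(first) > MAX_LINE or not first.endswith(b"\n"):
        return ["ERR malformed"]
    if not authenticate(user, first[:-1]):
        return ["ERR auth"]  # nothing after a failed check is even parsed
    replies = ["OK auth"]
    while True:
        raw = channel.readline(MAX_LINE + 1)
        if not raw:
            break  # GUI closed the pipe
        if len(raw) > MAX_LINE or not raw.endswith(b"\n"):
            replies.append("ERR malformed")
            break
        try:
            op, _, arg = raw[:-1].decode("ascii").partition(" ")
        except UnicodeDecodeError:
            replies.append("ERR malformed")
            continue
        pattern = ALLOWED_OPS.get(op)
        if pattern is None:
            replies.append("ERR unknown-op")
        elif not pattern.fullmatch(arg):
            replies.append("ERR bad-arg")
        else:
            apply_op(op, arg)  # only validated requests reach privileged code
            replies.append("OK " + op)
    return replies
```

The GUI side only draws dialogs and writes lines to the pipe, so a bug in the X libraries is exercised with the user's privileges rather than root's.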
