Re: svgalib and SUID

On Wed, Dec 12, 2001 at 12:37:34AM +0200, Richard Braakman wrote:
> Hmm.  Normally, you just include it in the package with the suid bit
> set, and the admin can use dpkg-statoverride to change it.  If the
> program is useful even without suid, then I suggest shipping it without.

It isn't unless there is a way for non-suid programs to allow a user to
access the video card with svgalib....

> However, has anyone reviewed this program for security?  A new suid root
> program should be looked at by several pairs of eyes.  And even then it's
> not a good idea :-)

Of course.  At this point, not even I have looked it over for security. 
I'm just looking ahead to what I have left to do and how I will/may do
it when I get there.  I am just curious what the mechanism is for
getting a program that is SUID root into Debian, should that be the way
I need to go, or if there is another, better, way to give a proggie
access to a video card via svgalib.

