Re: Policy question
On Mon, Feb 01, 1999 at 11:41:09PM +0000, Julian Gilbey wrote:
> An example of a package which already does almost exactly the same is
> the secure-su package, which diverts the standard su to
> /bin/su.orig/su or something like that, making /bin/su.orig mode 700,
> so that no one except for root has access to the non-enhanced version
> of su. This seems to be acceptable. Maybe there is some way for the
> listar program to be setuid root, and the first thing it does is to
Several general rules apply here:
* Never setuid unless you really have to.
* If you setuid, never setuid to root unless you really, really, really
  have to.
There are a number of security issues that become more and more important
when you setuid to root, so I would not be in favor of doing such a thing.