
Re: suid root



On Thu, Sep 14, 2000 at 10:00:55PM -0400, Michael Soulier wrote:
:
:	How do you guys feel about SUID root? For example, I'm here using
:supermount, finding it mildly annoying that I have to login as root to
:format a floppy. Is it against the "Debian way" to SUID root on supermount
:and mformat for convenience? Does that cause a major security hole?

First, all security is relative.

If this machine is in your home *and* your internet connection is via
intermittent dial-up with dynamic IP addressing, I say no big deal.

If you have a persistent internet connection (via LAN, xDSL, Cable) your
risk goes way up.

In order for this "security hole" to be exploited, someone needs to
have shell access to your machine (by remote exploit or sniffing user
passwords from telnet, pop, and other plain text methods).
Immediately they could low level format your floppies (not terribly
likely to do that I suppose), but if they can then cause a buffer
overflow by passing some large amount of garbage to this program in
the right way, they then have root access to your machine, which is
*bad*.

I suggest you check out "sudo"; this allows you to grant root
privileges (or a subset thereof) and will remember your
authentication for a configurable period of time.

The fewer security risks the better, whatever their size.

-Jon
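
A sudoers fragment for the sudo approach suggested in the message above, added here as an illustration and not part of the original post. The user name `alice`, the path `/usr/bin/mformat` and the drive argument `a:` are assumptions; the binary itself keeps no setuid bit.

```sudoers
# Hypothetical fragment; edit it with visudo so syntax errors are caught
# before the file is installed.
# Assumed: user "alice", mformat installed at /usr/bin/mformat.

# Allow only this exact command line, not mformat with arbitrary arguments.
# A ':' inside command arguments must be escaped in sudoers.
Cmnd_Alias FLOPPY_FMT = /usr/bin/mformat a\:

# Remember alice's authentication for 5 minutes.
# A value of 0 asks for the password on every invocation.
Defaults:alice timestamp_timeout=5

# alice may run the alias as root on any host. No NOPASSWD tag, so a
# stolen shell session still needs her password to use it.
alice ALL = (root) FLOPPY_FMT
```

With this in place the user runs `sudo mformat a:`; any other argument list is refused and logged by sudo.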


