On Saturday 24 October 2009 19:50:36 Celejar wrote: > On Sun, 25 Oct 2009 00:34:11 +0200 > Klistvud <firstname.lastname@example.org> wrote: > > Well, the script is quite simple, it only works in Gnome (a > > more system-wide script would have to be run as superuser and I just > > couldn't be bothered to type in my root password every time I wanted > > to change CPU governor): > > This is what sudo is for - one just configures it to allow anyone to > run it as root. Or only users from a particular group to run it only after providing their password; sudo is *very* flexible. It can do nearly everything su, suid, and sgid can so, plus some. > Another possibility is to make it suid root. Suid scripts don't work unless your shell/interpreter is also suid. This is usually a bad idea. > I > suppose, though, that either of these techniques might be security > risks, if the script is buggy / insufficiently secure and a malicious > user manages to run it. It looks like the only input the script takes is the output of gconftool --get of a specific key. Under the assumption that an attacker can set the "$state" variable to whatever they want, they can make the script fail, but I don't think they can do anything malicious. I'm not a security expert by any means. -- Boyd Stephen Smith Jr. ,= ,-_-. =. email@example.com ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Description: This is a digitally signed message part.