On Thu, Jul 17, 2008 at 04:04:05PM +0530, Hemant Goyal wrote:
> However, I would like to ask whether using setuid is advisable in the
> OLPC laptop from a security point of view?

It is like putting a hole through a city wall into a house which is built
against the wall, and then telling the city guards to stand outside the
house as well as the city gate.  Practical, very handy, but extends the
safety barrier to include the setuid program code.

It means the city guards need to trust the owner of the house.  Because the
house is a new attack vector.  The walls of the house might be thinner than
the city walls.

It means the code that is running setuid has to be trusted.  Because this
new code is a new attack vector ... if it can be asked to open or write
files, then it can attack a filesystem.

I cannot comment on the relative importance of the OLPC security model and
the speech-dispatcher needs.  I imagine that would depend on a deployment.
But I worry about hundreds of thousands of systems that might be infected
via this setuid program, if it turns out to contain a flaw.

I recall earlier discussion about it or something else.  Is there a way to
rewrite it to not require root?  Almost every other activity does not
require root, or obtains it through a carefully controlled mechanism via
the kernel.

Can you tell me what syscall fails if it is not root?  strace may be
helpful.

-- 
James Cameron
mailto:[EMAIL PROTECTED]
http://quozl.netrek.org/
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
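The check suggested at the end of the message (run the program without root under strace and see which syscall fails) can be automated. The script below is an added example, not code from James Cameron or from speech-dispatcher: it assumes strace is installed, and the trace it parses by default is constructed, with placeholder paths and daemon name.

```python
"""Added example: find the syscalls a program fails for lack of privilege.
Runs it unprivileged under strace and reports each call refused with EPERM/EACCES."""
import os
import re
import subprocess
import sys
import tempfile

# One strace line (the PID prefix is what "strace -f" adds), e.g.
#   1234 openat(AT_FDCWD, "/dev/snd/pcmC0D0p", O_RDWR) = -1 EACCES (Permission denied)
STRACE_LINE = re.compile(
    r"^(?:\d+\s+)?(?P<name>\w+)\((?P<args>.*)\)\s+=\s+-1\s+(?P<errno>E[A-Z]+)"
)
PRIVILEGE_ERRNOS = {"EPERM", "EACCES"}

# Constructed sample trace, not a capture of speech-dispatcher; paths are placeholders.
SAMPLE_TRACE = """\
1234 openat(AT_FDCWD, "/etc/example-daemon.conf", O_RDONLY) = 3
1234 openat(AT_FDCWD, "/dev/snd/pcmC0D0p", O_RDWR) = -1 EACCES (Permission denied)
1234 sched_setscheduler(1234, SCHED_FIFO, {sched_priority=10}) = -1 EPERM (Operation not permitted)
1234 openat(AT_FDCWD, "/var/run/example/.cache", O_RDONLY) = -1 ENOENT (No such file or directory)
1234 bind(4, {sa_family=AF_UNIX, sun_path="/var/run/example/example.sock"}, 110) = -1 EACCES (Permission denied)
"""

def failing_privileged_calls(trace_lines):
    """Return (syscall, detail, errno) per call refused for lack of privilege;
    detail is the first quoted string (usually a path), else the first argument."""
    hits = []
    for line in trace_lines:
        m = STRACE_LINE.match(line)
        if not m or m.group("errno") not in PRIVILEGE_ERRNOS:
            continue  # succeeded, or failed for an unrelated reason such as ENOENT
        quoted = re.search(r'"([^"]*)"', m.group("args"))
        detail = quoted.group(1) if quoted else m.group("args").split(",")[0].strip()
        hits.append((m.group("name"), detail, m.group("errno")))
    return hits

def trace_command(argv):
    """Run argv under strace -f (following forks) and return the trace lines."""
    with tempfile.TemporaryDirectory() as tmp:
        log = os.path.join(tmp, "trace.txt")
        subprocess.run(["strace", "-f", "-o", log] + argv, check=False)
        with open(log) as fh:
            return fh.read().splitlines()

if __name__ == "__main__":  # no arguments: parse the constructed sample instead
    lines = trace_command(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_TRACE.splitlines()
    for name, detail, err in failing_privileged_calls(lines):
        print(f"{err:7} {name}({detail})")
```

Each reported line is one concrete operation the program needs root for, which is what has to be reviewed when deciding whether a setuid bit can be replaced by a narrower mechanism.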