On Mon, 24 Feb 2020 13:46:46 +0100 Didier Kryn <k...@in2p3.fr> wrote:
> Le 24/02/2020 à 10:44, aitor a écrit : > > Hi Didier, > > > > En 24 de febrero de 2020 10:01:33 Didier Kryn <k...@in2p3.fr> > > escribió: > > > >> Le 24/02/2020 à 01:16, Aitor a écrit : > >>> > >>> Hi Tito, > >>> > >>> On 23/2/20 17:02, Tito via Dng wrote: > >>>> Why use 2 binaries rather than one, more programs, more code, > >>>> more communication in between them equals to more attack surface. > >>>> I would stay with just one suid binary, more so if you want to > >>>> go the su-only route. > >>> I'll answer to this question in more detail: the requeriment of > >>> suid privilegies implies an additional (non GUI) binary due to > >>> the fact that the usage of any GTK suid binary is impossible. > >>> Read here: > >>> > >>> http://soc.if.usp.br/manual/libgtk2.0-doc/faq/x392.html > >> Does it mean that synaptic works that way with droping > >> priviledges in the GUI? > >> > >> Didier > > > > Synaptic is run as root via sudo/su. There are no suid privilegies > > Hi Aitor. > > Sure, but it is running a GUI with root priviledge. I thought > this was the danger and I understood this was forbidden in GTK+. > > _______________________________________________ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng It's not a big deal as long as it's not some crazy bloated mess like a web browser or something. -- _________________________________________ / This is the story of the bee Whose sex \ | is very hard to see | | | | You cannot tell the he from the she But | | she can tell, and so can he | | | | The little bee is never still She has | | no time to take the pill | | | | And that is why, in times like these | \ There are so many sons of bees. / ----------------------------------------- \ \ /\ /\ //\\_//\\ ____ \_ _/ / / / * * \ /^^^] \_\O/_/ [ ] / \_ [ / \ \_ / / [ [ / \/ _/ _[ [ \ /_/ _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
