On Wed, May 26, 2010 at 12:29 PM, Informatix solutions <rich...@informatix-sol.com> wrote:
> The issue is that it is entirely dependent on the security integrity of the
> application with the setuid bit set.
> If someone can insert code, or swap a dynamically linked library with their
> own alternative, it becomes possible to have your own code executed as root.
> The system is then completely compromised.

The IB diags do use dynamically linked libs (libibmad and libibumad).

-- Hal

>
> -----Original Message-----
> From: ewg-boun...@lists.openfabrics.org
> [mailto:ewg-boun...@lists.openfabrics.org] On Behalf Of Woodruff, Robert J
> Sent: 26 May 2010 17:19
> To: Hal Rosenstock
> Cc: EWG
> Subject: Re: [ewg] Allowing ib dignostics to be run without being logged in
> as root.
>
> Hal wrote,
>
>>sudo can be configured for specific commands to be allowed to specific
> users.
>
> Then perhaps that is a safer way to do it, but it would put more work
> on the system admin to set it up for people, but if setting the permissions
> of the commands to setuid root opens up a security hole, we would not want
> that.
>
> Does anyone know if setting the permissions to setuid root does actually
> open up a security hole?
>
> woody
>
>
> _______________________________________________
> ewg mailing list
> ewg@lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
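
An added example (not part of the thread and not code from the OFED diagnostics): one way an administrator can check the concern raised above is to audit whether a tool's binary, the shared libraries it resolves (for the IB diags, libibmad and libibumad), or any parent directory can be modified by a non-root user. It assumes Linux with GNU stat and ldd; the function names and the TRUSTED_UID variable are hypothetical, and the tool path is supplied as the argument.

```shell
#!/bin/sh
# Added example: check whether anything a setuid-root tool loads could be
# replaced by a non-root user. Assumes Linux with GNU stat and ldd.
TRUSTED_UID=${TRUSTED_UID:-0}   # only this owner may control the files

# True if an octal mode string (e.g. 775, 1777) grants group or other write.
mode_is_loose() {
    case "$1" in
        *[2367]?|*[2367]) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the path (symlinks followed) is not owned by TRUSTED_UID or is
# group/other writable. A path that cannot be stat'ed counts as a finding.
path_is_loose() {
    owner=$(stat -Lc '%u' "$1" 2>/dev/null) || return 0
    mode=$(stat -Lc '%a' "$1" 2>/dev/null) || return 0
    if [ "$owner" != "$TRUSTED_UID" ]; then return 0; fi
    mode_is_loose "$mode"
}

# Check an absolute path and every parent directory up to /.
# Returns 1 if any of them is a finding.
audit_path() {
    p=$1; bad=0
    while :; do
        if path_is_loose "$p"; then
            echo "FINDING: $p can be changed by a user other than uid $TRUSTED_UID"
            bad=1
        fi
        case "$p" in /|.) break ;; esac
        p=$(dirname "$p")
    done
    return "$bad"
}

# Audit the binary itself plus every library ldd resolves for it.
# Run ldd only on binaries you installed yourself: it may execute the file.
audit_setuid_binary() {
    bin=$(readlink -f "$1") || return 2
    rc=0
    libs=$(ldd "$bin" | awk '$2 == "=>" && $3 ~ /^\// {print $3} $1 ~ /^\// {print $1}')
    for f in "$bin" $libs; do
        audit_path "$f" || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_setuid_binary "$1"; fi
```

A non-zero exit status means at least one file or directory in the load chain is controllable by someone other than root.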