On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote: > > On 04/05/2018 09:41 PM, Liam R E Quin wrote: > > On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote: > > > > > > It /should/ be impossible for a program opened by a 'regular' > > > user to > > > run in superuser mode, unless the regular user enters the root > > > password. > > > > It can happen if the program's binary is owned by the root user and > > is > > mode u+s (set-userid). > > > > Liam (ankh) > > Yikes. > > One "should" not allow this either, without a very good reason...
On most user applications, no, although ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l gives 36 results here (many setgid rather than setuid, and not all owned by root, but e.g. su, sudo, umount, all have to be root-owned and suid.). It's possible to disable set-userid file modes from being respected using a mount option, but using that on the system partitions would break yuor system. -- Liam Quin - web slave for https://www.fromoldbooks.org/ with fabulous vintage art and fascinating texts to read. Click here to have the slave beaten. _______________________________________________ gimp-user-list mailing list List address: gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list