On 04/06/2018 12:05 AM, Liam R E Quin wrote:
> On Thu, 2018-04-05 at 23:40 -0400, Steve Kinney wrote:
>>
>> On 04/05/2018 09:41 PM, Liam R E Quin wrote:
>>> On Thu, 2018-04-05 at 20:42 -0400, Steve Kinney wrote:
>>>>
>>>> It /should/ be impossible for a program opened by a 'regular' user to
>>>> run in superuser mode, unless the regular user enters the root
>>>> password.
>>>
>>> It can happen if the program's binary is owned by the root user and is
>>> mode u+s (set-userid).
>>>
>>> Liam (ankh)
>>
>> Yikes.
>>
>> One "should" not allow this either, without a very good reason...
> 
> On most user applications, no, although
> ls -l /usr/bin/ | grep '^[^ ]*s' | wc -l
> gives 36 results here (many setgid rather than setuid, and not all
> owned by root, but e.g. su, sudo, umount, all have to be root-owned and
> suid.).
> 
> It's possible to disable set-userid file modes from being respected
> using a mount option, but using that on the system partitions would
> break your system.

Ah so.  My comprehension of Linux internals is only rudimentary, but
once pointed out it's obvious that su, sudo and umount would be owned by
root - only root can do the things they enable a user with the root
password to do.

A graphics editor or a wrapper for portable applications?  Not so much.  :D



_______________________________________________
gimp-user-list mailing list
List address:    gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list
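
The one-line count quoted in the thread lumps setuid and setgid files together regardless of owner. As an added example (not part of the original messages), this shell sketch separates those cases and lists setuid files that are not on an expected list; the function names and the allowlist are assumptions for illustration, with su, sudo and umount taken from the thread.

```shell
#!/bin/sh
# Added example: audit set-userid / set-groupid files in one directory.
# count_mode, unexpected_suid and report are hypothetical helper names.

# count_mode DIR MODE [extra find tests...]
# Number of regular files directly in DIR that have every bit of MODE set
# (4000 = setuid, 2000 = setgid). One dot is printed per match so that
# unusual file names cannot skew the count.
count_mode() {
    dir=$1; mode=$2; shift 2
    find "$dir" -maxdepth 1 -type f -perm "-$mode" "$@" \
        -exec printf . \; 2>/dev/null | wc -c | tr -d ' '
}

# unexpected_suid DIR OWNER NAME...
# Prints the basename of each setuid file in DIR owned by OWNER whose name
# is not among the expected NAMEs (the allowlist is an assumption; extend
# it to match what your distribution legitimately ships).
unexpected_suid() {
    dir=$1; owner=$2; shift 2
    allow=" $* "
    find "$dir" -maxdepth 1 -type f -perm -4000 -user "$owner" 2>/dev/null |
    while IFS= read -r path; do
        name=${path##*/}
        case "$allow" in
            *" $name "*) ;;                    # expected, stay quiet
            *) printf '%s\n' "$name" ;;        # worth a closer look
        esac
    done
}

# report DIR: summary for one directory, e.g. report /usr/bin
report() {
    echo "setuid files:       $(count_mode "$1" 4000)"
    echo "  owned by root:    $(count_mode "$1" 4000 -user root)"
    echo "setgid files:       $(count_mode "$1" 2000)"
    echo "setuid-root files outside the expected list:"
    unexpected_suid "$1" root su sudo umount
}
```

Calling `report /usr/bin` prints the breakdown. A long "outside the expected list" section is normal on a stock system; the point is that a graphics editor or application wrapper showing up there would stand out.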
