https://bugs.kde.org/show_bug.cgi?id=359621
Bug ID: 359621
Summary: Unneeded setgid requirement
Product: kdesu
Version: unspecified
Platform: Debian unstable
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: kdesud
Assignee: kdesu-bugs-n...@kde.org
Reporter: m...@debian.org

Hi,

The kdesu framework currently requires the kdesud to be setgid, the documentation about this requirement says (client.h):

    The daemon should be installed setgid nogroup, in order to be able
    to act as an inaccessible, trusted 3rd party.

Even the check for the daemon file to be setgid is part of the public API of the kdesu framework:

    class KDESU_EXPORT KDEsuClient {
    public:
    ...
        bool isServerSGID();
    ...

But, AFAICS, this provides no additional "security". In fact, it would be better if the check were "make sure the daemon is not setuid", or if it denies ptrace.

Afaik, having the setgid in place only serves as a way to change the effective primary group, which will be used for files created by this process.

Unless there is a real reason for this requirement, please drop it.

Happy hacking,

Reproducible: Always

--
You are receiving this mail because:
You are watching all bug changes.