Hi Wayne,

On Mon, Dec 09, 2002 at 02:35:13PM -1000, W. Wayne Liauh wrote:
> Since I expect the majority of our readers don't have UNIX
> background, I believe your statement needs to be qualified to
> some extent.

I will try to clarify more.

> When running as root, you leave your "entire computer" open for
> security attacks. Whereas, with SUID, you only allow a specific
> program to invoke process(es) that would otherwise require
> something equivalent to a root privilege. In other words, with
> SUID, instead of blanket privileges, only very limited extent
> of privileges are granted. SUID is an ingenious way to provide
> compromised convenience and security.

Assuming that the program is world executable, having SUID root actually makes it less secure. Without the SUID bit set, only users that you trust can run the program. With it set, anyone with a valid login can run it.

The reason why this is especially dangerous is the buffer overflow. If a malicious user has access to a program running SUID root, the bug can be exploited to give the malicious user root privileges. Without the SUID bit set, the program can still be exploited, but it is a moot point because you would already need to have root privileges to run it.

If you have a list of users that you want to be able to run cdparanoia, then, without RBAC, you should use sudo. So users log in as themselves. When cdparanoia is needed, they run the program as `sudo cdparanoia`.

Without something like sudo, you can put them all into a group and only let those members be able to execute it. Assuming you have a group cdrw, you can set ownership and permissions of cdparanoia to root:cdrw, mode 4110. Then, only users belonging to the cdrw group can run cdparanoia.

> Most end users, however, do not notice the security issue. What
> happens in the real world if you run grip (or any other Linux
> CD ripping program) as root is that, instead of being in your
> home directory, the ripped/encoded files will be stored in the
> root directory. After you spend hours thinking you've copied
> your favorite CDs into your hard but couldn't find them, then you
> will really hear someone cursing.

This can be alleviated by not logging in as root. Instead, you can use su or sudo. For the most part, these utilities will keep your environment intact.

> Anyway, if there is anything that desperately needs to be
> improved in Linux, it is the audio copying capability.

I have really digressed. Linux needs a lot of things to get buy-in from end users. A little more happens each year, but I hope not at the cost of security.

-Vince
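An added example, not part of the mail above, that shows the distinction Vince draws in working shell: a setuid file whose "other" execute bit is set (mode 4111) can be run by anyone with a login, while one at mode 4110 can only be run by its owner and members of its group. The helper names (classify_setuid, find_world_exec_setuid, demo) and the temporary file names are assumptions chosen for this illustration; the chown to root:cdrw from the mail needs root and is shown as a comment rather than run.

```shell
#!/bin/sh
# Added example (not from the original mail).
# Distinguish setuid files that anyone can execute from setuid files
# restricted to owner and group, and audit a directory tree for the former.

# Print one of: no-setuid, world-executable, restricted
# "world-executable" is the risky case from the mail: setuid set AND
# the "other" execute bit set, so every login can run it.
classify_setuid() {
    f=$1
    [ -u "$f" ] || { echo "no-setuid"; return 0; }
    # find with -perm -0001 matches only if the other-execute bit is set
    if [ -n "$(find "$f" -perm -0001 2>/dev/null)" ]; then
        echo "world-executable"
    else
        echo "restricted"
    fi
}

# Audit: list every regular file under $1 that is setuid and executable by
# "other" (-perm -4001 requires both bits). On a real system you would add
# -user root to focus on the setuid-root case the mail discusses.
find_world_exec_setuid() {
    find "$1" -type f -perm -4001 2>/dev/null | sort
}

# Demonstration on constructed files in a scratch directory.
demo() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho ripping\n' > "$dir/cdparanoia-open"
    cp "$dir/cdparanoia-open" "$dir/cdparanoia-group"
    cp "$dir/cdparanoia-open" "$dir/cdparanoia-plain"

    chmod 4111 "$dir/cdparanoia-open"   # setuid, executable by everyone
    chmod 4110 "$dir/cdparanoia-group"  # setuid, owner and group only (the mail's 4110)
    chmod 0755 "$dir/cdparanoia-plain"  # no setuid at all
    # As root you would also run, per the mail:
    #   chown root:cdrw "$dir/cdparanoia-group"

    for f in cdparanoia-open cdparanoia-group cdparanoia-plain; do
        printf '%-18s %s\n' "$f" "$(classify_setuid "$dir/$f")"
    done
    echo "setuid files anyone can execute:"
    find_world_exec_setuid "$dir"
    rm -rf "$dir"
}

demo
```

The audit function is the defender's check: run it over /usr/bin or / to see which setuid programs every local user can execute, and compare against what sudo or a group-restricted mode like 4110 would allow instead.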