Am Mittwoch 28 Januar 2009 19:05:08 schrieb Alon Bar-Lev: > Running software as root is the worst solution. Especially security > centric software.
not a good solution, but not the worst. remember old linux/unix systems with a bin user and group, and all binaries owned by them? that was worse. creating a stair where people can step by step get more privileges because nobody understands all the dependencies is worse than having the simple "root or not" approach, where root has most rights and there are few things you can do with out root, so you need to attack it directly. much easier to understand, secure and keep secure from my point of view. > > btw: many distributions have a group "scard" that regulates access to > > smart card reader middleware (pcscd and openct). (well, ok, debian and > > ubuntu have that group, not 100% sure about other distributions). > > I don't care how you call this group as long as you run daemons in > least-privilege mode. it's not the daemon group, but the group users need to be in, so they are allowed to talk to the daemon. it would be very bad security practise, if the same group name is used for that in one distribution, and for the daemon access to the usb devices in some other distribution. Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
