On Fri, Jul 14, 2006 at 01:17:28PM -0400, Daniel J Walsh wrote: > Internal Red Hat people are interested if we can do this another way > without introducing a new SUID application. > > Could someone spell out the exact requirements, that devallocator is > trying to solve?
I'm a bit confused also. I thought it was intended to help administrators define labels for printer devices, and tools run by administrators don't need to be SUID. I just looked at the code, and some of its features such as relabeling floppy and CD-ROM devices should definitely *not* be accessible to non-admin users via a SUID application, at least not in an evaluated config. It also has many override capabilities in its policy, are those all really necessary? I think it would be preferable to require that an admin runs it who has the necessary privileges already, instead of having the tool grant them. -Klaus -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
