On Thu, Sep 14, 2000 at 10:00:55PM -0400, Michael Soulier wrote: : : How do you guys feel about SUID root? For example, I'm here using :supermount, finding it mildly annoying that I have to login as root to :format a floppy. Is it against the "Debian way" to SUID root on supermount :and mformat for convenience? Does that cause a major security hole?
First all security is relative. If this machine is in your home *and* your internet connection is via intermittent dial-up with dynamic IP adressing, I say no big deal. If you have persistant internet connection (via LAN, xDSL, Cable) your risk goes way up. In order for this "security hole" to be exploited someone needs to have shell access to your machine (by remote exploit or sniffing user passwords from telnet, pop, and othe rplain text methods). Immediately they could low level format your floppies (not terribly likely to do that I suppose), but if they can then cause a buffer overflow by passing some large amount of garbage to this program in the right way they then have root access to your machine which is *bad* I suggest you check out "sudo" this allows you to grant root privileges (or a subset there of) and will remember your authentication for a configurable period of time. The fewer security risks the better what ever their size. -Jon
