[Ffmpeg-devel] PATCH: Build Suffix

Jacob Meuser jakemsr
Sat Jul 30 05:31:29 CEST 2005


On Fri, Jul 29, 2005 at 08:03:07AM -0400, Rich Felker wrote:

> My point was exactly that you do not, and CANNOT, control what they do
> with sudo. If a program can safely be run by ordinary users with
> elevated permissions, it will use the suid bit and have its own strong
> internal permissions handling.

yeah, like cdrecord?  I had a similar "discussion" about the pros and
cons of using cdrecord with sudo instead of setting it suid with
Joerg Schilling some time back.  he was, of course, in favor of the
suid bit.  within a week, there was a CERT advisory about suid cdrecord
holes.

> Virtually anything run through sudo is
> full of holes that yield full root access, like the "make install"
> example.

almost every program has potential holes.  less code running with
elevated privileges is inherently more secure.

sudo allows far more control of what a user can do with a program than
setting the suid bit does.

of course, sudo is no magic bullet, and probably shouldn't be used by
people who can be bothered to understand how to use it properly ...
just like the suid bit, or anything else that can allow someone to do
more than you might want them to.

let's get back to where this discussion started.  can you tell me
how an administrator (who probably has root anyway) using sudo to
install software is going to lead to security issues?  how is this
so different than if the admin had su'd instead?  in this case, how
is using su more secure?

almost every program has potential holes.  less code running with
elevated privileges is inherently more secure.

-- 
<jakemsr at jakemsr.com>




