set user id for service ?
Havoc Pennington
hp at redhat.com
Thu Sep 14 18:29:18 PDT 2006
Matthew Johnson wrote:
> On Thu, 14 Sep 2006, Thiago Macieira wrote:
>
>> frederic heem wrote:
>>> Unfortunately, making the program setuid is considered insecure.
>>> Another solution is to use sudo to restrict who can start the service,
> >>> i.e. the messagebus
>>
>> Put the setuid-user program or wrapper in an 0500 messagebus-owned
>> directory.
>
> It's still not very elegant.
>
Not clear to me that having a random custom bus running as root that
starts services using a mechanism designed for desktop user sessions is
particularly elegant either ;-) in fact I have no real idea why this
would be a sensible way to implement anything, though I'm willing to
admit it might be, someone would have to step back and explain the whole
problem and possible alternatives and what the dbus feature would be
like, how it would work, how it's more secure than existing approaches, etc.
Havoc