Proposing to host system-auth-agent in fdo
Martin Waitz
tali at admingilde.org
Wed Oct 13 21:23:58 EEST 2004
hi :)
you shouldn't base authorization on the program that is asking but
on the operation that it tries to execute.
Remember: it's the currently logged in user that is allowed to
configure the network card, not some magic binary.
So the better solution is to move the desired functunality into
a root daemon and just send requests to it via dbus/whatever.
The daemon can then check the request for validity and perform
the action.
That way it is not possible to execute arbitrary programs as root.
Just have a look at NetworkManager.
--
Martin Waitz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/xdg/attachments/20041013/020bb8bc/attachment.pgp
More information about the xdg
mailing list