[plug] new linux user
Tony Clark
tony at ballist.net.au
Wed Sep 29 10:51:08 WST 1999
At 10:19 29/09/99 +0800, you wrote:
>On Wed, 29 Sep 1999, Tony Clark wrote:
>
>> You could always chmod u+s minicom so it runs with root privilages, then
>> lock files or com ports would not cause any problems.
>
>You should never make programs SUID-root if you can avoid it. By making
>Minicom SUID-root as you advocate above, you are opening up a security
>hole - I know minicom has/had at least one buffer overflow in it, allowing
>anybody with "user" access to your system to become root.
>
>You are much better off leaving minicom the way it is, and then adding
>people you trust to the dialout group in /etc/group.
>
>If you really want to give everyone the ability to dial out on your
>system, then you're still better off to change the permissions on
>/dev/ttySx (where x is the device your modem is on) to give people
>access to that modem only, rather than giving everybody access to your
>root account.
In general I agree with the above, but for a home machine with only trusted
users on the network, I'm not sure it makes much difference.
Now running a ppp link and giving remote users access to the machine is
quite a different story!
Tony Clark
HDL Electronics Pty Ltd
Contract VHDL, FPGA, ASIC and electronic design services
Mobiles: Australia 61 411 577 715 Hong Kong 852 9616 9716
More information about the plug
mailing list