Menu
▾
▴
Re: [Plplot-devel] linuxvga driver
|
From: Alan W. I. <ir...@be...> - 2002-01-24 23:03:17
|
On Thu, 24 Jan 2002, Geoffrey Furnish wrote: > Alan W. Irwin writes: > > I cannot remember whether it was Maurice or Geoffrey who investigated this a > > long time ago, but according to my memory of the results back then you > > always need root in order to use this driver. Therefore, I have never run or > > tested it. If there is no way to get around this root-only limitation of > > libsvga, I think this driver should be disabled in the interests of security. > > :-). > > /home/furnish> ll /usr/bin/X11/XFree86 > -rws--x--x 1 root root 1773168 Jan 18 2001 /usr/bin/X11/XFree86* > > The "no run-as-root software allowed" rule, would make for a text only > computing experience. Sounds good to me....;-) Seriously though, I agree with your implicit point that from the security perspective there is no real difference between a setuid programme and one that demands you be root to run it. However, there is a practical difference between the two; when you are running root is is much easier to screw up (inadvertent typing of "rm -rf /", for example....;-)) then when you are just running a setuid executable. Also, for what it is worth, the security reputation of libsvga is not as good as Xfree86. > > I think we should leave it in/available. People can use it or not > based on their own policy decisions on their own machine. Fine by me. Since I wrote what you are responding to, I found and posted a way (with a lot of effort) that might work to run svgalib-based code safely (or at least as safe as X). Alan |
