Universal JTAG library, server and tools / Bugs / #18 "Forbid" to run JTAG tools with suid root

"Forbid" to run JTAG tools with suid root

Status: Beta

Brought to you by: kawk, stappers, vapier

#18 "Forbid" to run JTAG tools with suid root

Milestone: 0.10

Status: closed-fixed

Owner: Kolja Waschk

Labels: None

Priority: 5

Updated: 2007-11-30

Created: 2007-11-25

Creator: Kolja Waschk

Private: No

The JTAG tools can be used to gain superuser access to the system. The most basic way to do this would be to use the "shell" command.

It would be a large security hole to install the tools so that arbitrary users can run them with superuser rights (suid root); on the other hand probably a number of people might be tempted to do so in order to work around "permission denied" problems when trying to access a cable over parport or usb.

Running the tools as root is okay, but becoming root by just using the tools has to be impossible.

Discussion

Kolja Waschk - 2007-11-28

Logged In: YES
user_id=478715
Originator: YES

Added a check in #801.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kolja Waschk - 2007-11-28

assigned_to: nobody --> kawk

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kolja Waschk - 2007-11-30

status: closed --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kolja Waschk - 2017-02-12

Group: --> 0.10
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

"Forbid" to run JTAG tools with suid root

Group

Searches

Help

#18 "Forbid" to run JTAG tools with suid root

Discussion