[ewg] Allowing ib diagnostics to be run without being logged in as root.

Hal Rosenstock hal.rosenstock at gmail.com
Wed May 26 09:36:46 PDT 2010


On Wed, May 26, 2010 at 12:29 PM, Informatix solutions
<richard at informatix-sol.com> wrote:
> The issue is that it is entirely dependent on the security integrity of the
> application with the setuid bit set.
> If someone can insert code, or swap a dynamically linked library with their
> own alternative, it becomes possible to have your own code executed as root.
> The system is then completely compromised.

The IB diags do use dynamically linked libs (libibmad and libibumad).

-- Hal

>
> -----Original Message-----
> From: ewg-bounces at lists.openfabrics.org
> [mailto:ewg-bounces at lists.openfabrics.org] On Behalf Of Woodruff, Robert J
> Sent: 26 May 2010 17:19
> To: Hal Rosenstock
> Cc: EWG
> Subject: Re: [ewg] Allowing ib diagnostics to be run without being logged in
> as root.
>
> Hal wrote,
>
>>sudo can be configured for specific commands to be allowed to specific users.
>
> Then perhaps that is a safer way to do it, but it would put more work
> on the system admin to set it up for people, but if setting the permissions
> of the commands to setuid root opens up a security hole, we would not want
> that.
>
> Does anyone know if setting the permissions to setuid root does actually
> open up a security hole?
>
> woody
>
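
Added example, not part of the original message or of the IB diags code: a check an admin could run before marking a dynamically linked binary setuid root, to see whether any library it loads, or any directory above that library, could be altered by a non-root user. The ldd sample is constructed, and the function names are hypothetical.

```python
import os
import stat
import subprocess
import sys

# Constructed sample of `ldd` output for an IB diagnostic binary (not captured
# from a real system; sonames, paths and addresses are illustrative).
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd0a1f2000)
\tlibibmad.so.5 => /usr/lib64/libibmad.so.5 (0x00007f3c1a400000)
\tlibibumad.so.3 => /usr/lib64/libibumad.so.3 (0x00007f3c1a200000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f3c1a800000)
"""

def parse_ldd(output):
    """Return the absolute library paths named in ldd output."""
    libs = []
    for line in output.splitlines():
        parts = line.split()
        if "=>" in parts:
            parts = parts[parts.index("=>") + 1:]  # keep what follows "=>"
        if parts and parts[0].startswith("/"):     # skips vdso and "not found"
            libs.append(parts[0])
    return libs

def replaceable_by_non_root(st_uid, st_mode):
    """Conservative check: not root-owned, or writable by group or others."""
    return st_uid != 0 or bool(st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def path_chain(path):
    """The path itself plus every ancestor directory up to /."""
    chain = [path]
    while path != os.path.dirname(path):
        path = os.path.dirname(path)
        chain.append(path)
    return chain

def audit_path(path, stat_fn=os.stat):
    """Components of the resolved path that a non-root user could alter."""
    stats = ((p, stat_fn(p)) for p in path_chain(os.path.realpath(path)))
    return [p for p, st in stats if replaceable_by_non_root(st.st_uid, st.st_mode)]

if __name__ == "__main__":
    # Run ldd only on installed binaries you already trust.
    out = SAMPLE_LDD
    if len(sys.argv) > 1:
        out = subprocess.run(["ldd", sys.argv[1]], capture_output=True, text=True).stdout
    for lib in parse_ldd(out):
        print(lib, audit_path(lib) if os.path.exists(lib) else "not present here")
```

An empty list for every library means no component of its resolved path is writable by anyone but root; the check does not cover symlinks that were resolved away.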


