Re: setuid for priv sockets?
Re: setuid for priv sockets?
- Subject: Re: setuid for priv sockets?
- From: Stephen Hoffman <email@hidden>
- Date: Mon, 27 Oct 2008 17:49:35 -0400
- Organization: HoffmanLabs LLC
Damien Sorresso writes:
We're strongly (and I do mean strongly) trying to move people off of
setuid binaries. If it's a command line application, you can just
require that the user run it as root or with sudo if performing
actions that require access to this privileged port.
Not passing out root or sudo access is a common practice in various
production and security-conscious environments. Within those
environments (and I deal with folks that are severely allergic to
passing out root access), setuid can be an invaluable palliative.
I'm quite willing to move to another approach or environment or tool or
interface here. But suggesting that they pass out root access as a
solution for starting up certain command-line tools is just going to
get me a heaping raft of static with these good folks.
Please don't take away setuid without an alternative. And no, sudo
isn't a solution.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden