[fpc-devel] Linux kernel behaviour change regarding keyboard
Marco van de Voort
marcov at stack.nl
Wed Jul 18 18:18:30 CEST 2007
> On 18 Jul 2007, at 17:42, Marco van de Voort wrote:
>
> >> arguments like "the kernel forcing us to do so" will not help us
> >> then.
> >
> > What is the security hole exactly?
>
> If you install the IDE as setuid root, then every user starting the
> IDE will run the IDE as if he were root. That means he can open and
> modify every single file on the system. And overwrite any binary with
> an own written program by just configuring the proper exe output
> directory in the IDE.
>
> And by using the shell functionality of the IDE, he can also open a
> root shell if that's more comfortable for him than using the IDE itself.
That might indeed be slightly too much. OTOH it would make an important
point :-)
Seriously, in how many distro's is this "feature" active? Can it be turned
off?
Can we assume that desktop distro's as ubuntu aren't going to do this?
More information about the fpc-devel
mailing list