[fpc-devel] Linux kernel behaviour change regarding keyboard

Marco van de Voort marcov at stack.nl
Wed Jul 18 18:18:30 CEST 2007

> On 18 Jul 2007, at 17:42, Marco van de Voort wrote:
> >> arguments like "the kernel forcing us to do so" will not help us  
> >> then.
> >
> > What is the security hole exactly?
> If you install the IDE as setuid root, then every user starting the  
> IDE will run the IDE as if he were root. That means he can open and  
> modify every single file on the system. And overwrite any binary with  
> an own written program by just configuring the proper exe output  
> directory in the IDE.
> And by using the shell functionality of the IDE, he can also open a  
> root shell if that's more comfortable for him than using the IDE itself.

That might indeed be slightly too much. OTOH it would make an important
point :-)

Seriously, in how many distro's is this "feature" active? Can it be turned

Can we assume that desktop distro's as ubuntu aren't going to do this?

More information about the fpc-devel mailing list