[fpc-devel] Linux kernel behaviour change regarding keyboard
Marco van de Voort
marcov at stack.nl
Wed Jul 18 18:18:30 CEST 2007
> On 18 Jul 2007, at 17:42, Marco van de Voort wrote:
> >> arguments like "the kernel forcing us to do so" will not help us
> >> then.
> > What is the security hole exactly?
> If you install the IDE as setuid root, then every user starting the
> IDE will run the IDE as if he were root. That means he can open and
> modify every single file on the system. And overwrite any binary with
> an own written program by just configuring the proper exe output
> directory in the IDE.
> And by using the shell functionality of the IDE, he can also open a
> root shell if that's more comfortable for him than using the IDE itself.
That might indeed be slightly too much. OTOH it would make an important
Seriously, in how many distro's is this "feature" active? Can it be turned
Can we assume that desktop distro's as ubuntu aren't going to do this?
More information about the fpc-devel