mikshaw
Group: Members
Posts: 4856
Joined: July 2004 |
 |
Posted: Jan. 08 2005,04:59 |
 |
| Quote | If it will run from a shell, make a small wrapper..
Look at the start_gimp or start_gtk2 wrappers for examples..
You can execute the application from a shell within the wrapper..
And many of the apps , especially ones requiring port access,
use root to run.. setuid isn't much more secure anyway... |
The thing I'm most concerned about is that Screen isn't merely an application running within a shell...it's comparable to a window manager which launches other shells and applications within it. I don't know how much of a risk this is, but it wasn't long ago that Screen was found to pose a security risk in certain situations when run as root, so most packages now don't install it with setuid. I'm using suse 9.0, which is a couple of years old, and screen is not setuid here.
| Quote | | Could we use alien to convert the rpm to deb for that version ? |
That wouldn't fix the trouble I'm having. First it would require mkwriteable, which I'm trying to avoid like JWs, and second it doesn't do anything to open up tty1 to users.
I still don't understand the tty permissions. /dev/tty1 is owned by root.root, with 600 permission. I thought that would mean that a regular user couldn't access it at all, but dsl still uses it as the primary terminal. In my Suse system /dev/tty1 is owned by mik.tty, with 620 permissions. 'mik' is my typical user....I have no idea why the file is owned by me, unless Suse has some script which changes ownership depending on who is logged in. But that still doesn't make sense, because there is only one /dev/tty1...what happens when multiple users are logged in at the same time? I think it might have more to do with the group 'tty' than with the owner, but this is just a guess.
--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
|
.
DSL Market ,
Great VPS hosting provided by Tektonic
