ksmarttray and updates
Christoph Thiel
cthiel at suse.de
Thu Aug 10 01:21:08 PDT 2006
On Thu, 10 Aug 2006, Basil Chupin wrote:
> I didn't miss the "s"; I know that you mentioned it in your earlier
> message. But I didn't refer to it (I should have) because I was thinking
> about your inability to have the icon blinking unless you did the suid
> "fix" whereas mine blinks without me touching anything.
>
> However, I will restate what I stated earlier - and I hope that the
> authors of smart take note - that a user should NOT be allowed to
> upgrade the system and therefore, even if a root does alter the
> permissions of the file as you have, there should be a check done to
> disallow an update if it is being done without first having to enter the
> root password.
>
> I would consider this as a SECURITY HOLE for any Linux system using
> smart.
This is not the default set of permissions for smart. Which package are
you using? On SUSE the permissions for smart-update read:
-rwxr-xr-x 1 root root 8393 Aug 6 14:18 smart-update
Regards
Christoph
More information about the Smart
mailing list