ksmarttray and updates

Andreas Hanke andreas.hanke at gmx-topmail.de
Thu Aug 10 07:34:18 PDT 2006


Hi,

Randy Smith wrote:
> (1) should be able to happen automatically if user is running ksmarttray
> (2) should require root access
> 
> 
> if running smart-update suid root enables (1) while still requiring the
> root pw for (2), then I don't see that as a problem.

That's exactly what happens if smart-update is suid root: It allows (1)
by running "smart update" followed by "smart upgrade --check-update" as
root, but (2) still requires the root password (this distinguishes smart
from the stupid zen-updater).

So it should be secure from that point of view. This does not, however,
invalidate the concerns about suid binaries in general. If not written
with extra care, they can be abused in really funny ways.

Andreas Hanke
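
The "extra care" a suid-root helper of this kind needs, as an added example (not part of the original message and not smart-update's actual source): a C wrapper that accepts no arguments, inherits no environment from the caller, and can only run the two fixed command lines named above. The path /usr/bin/smart and the helper names are assumptions.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Assumed install path of smart; an absolute path avoids any PATH lookup. */
#define SMART_PATH "/usr/bin/smart"

/* Fixed, minimal environment: nothing is inherited from the calling user
 * (no LD_PRELOAD, PYTHONPATH, IFS, ...). */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C", NULL };

/* The only two command lines the wrapper will ever run as root. */
static char *const STEP_UPDATE[] = { "smart", "update", NULL };
static char *const STEP_CHECK[]  = { "smart", "upgrade", "--check-update", NULL };

/* Return the fixed argv for step 0 or 1, NULL for anything else. */
char *const *step_argv(int step) {
    if (step == 0) return STEP_UPDATE;
    if (step == 1) return STEP_CHECK;
    return NULL;
}

/* Accept no caller-supplied arguments at all (argv[0] only). */
int args_ok(int argc) { return argc == 1; }

/* Fork, exec one fixed step with the clean environment.
 * Returns the child's exit status, or -1 on error or abnormal exit. */
int run_step(const char *path, int step) {
    char *const *argv = step_argv(step);
    if (argv == NULL) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, CLEAN_ENV);   /* no shell, no PATH search */
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    (void)argv;
    if (!args_ok(argc)) { fprintf(stderr, "no arguments accepted\n"); return 2; }
    /* When installed suid root: make the real ids match the effective ids. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) return 1;
    int rc = run_step(SMART_PATH, 0);
    if (rc != 0) return rc < 0 ? 1 : rc;
    rc = run_step(SMART_PATH, 1);
    return rc < 0 ? 1 : rc;
}
```
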
