ksmarttray and updates
Andreas Hanke
andreas.hanke at gmx-topmail.de
Thu Aug 10 09:21:56 PDT 2006
Hi,
Stephen Boddy schrieb:
> On a side note, Andreas, I recall Zen requiring root password to authorize a
> user to have the capability to update a system.
Yes, but for the first time only. It grants that permission permanently
and it grants more permissions by default than necessary. :(
> So it's not totally
> brain-dead, but it does mean the system can subsequently be updated by that
> user without root password, and I'm not sure if there is some way to remove
> that right.
Only rug (the command-line tool) can be used to remove the privileges again.
> I do prefer requiring root password each time the system packages
> are upgraded.
Me too. ;)
> Christoph, it'd be nice if smart-update could be setuid, and remove the "Run
> as root" of ksmarttray in the suse packages.
You don't need to convince Crishtoph, you have to convince the security
team, and this won't be easy. ;)
Each setuid binary has to be audited and approved first and it has to be
integrated into the permissions package, i.e. /etc/permissions*.
Andreas Hanke
More information about the Smart
mailing list