← Back to team overview

unity-design team mailing list archive

Re: [Fwd: Re: Update manager] - a secure way to ask for information

 

On 16/06/2009 Paulo J. S. Silva wrote:
Thinking a little bit more about Vincenzo suggestion. It is not clear to
me how the application that is asking for root access can present some
information that is only readable by root. Anyhow, this is a security
problem and maybe we are getting off topic here.



Well, this is not meant to protect you from people in the same room, for that there is your password. It's meant to protect you from worms. The sudo program can become root to read such a file and present it. And no standard executable can do that because you need the setuid bit. But I'd prefer somebody with experience in security talk about this.

It's not offtopic in my opinion as exactly this machinery could be used in the infamous popup to address the concern of many, but can be moved elsewhere or dropped if it has obvious flaws that I don't see.

Vincenzo



Follow ups

References