14 Apr
2003
14 Apr
'03
10:28 a.m.
Hallo,
Guy Clotilde hat gesagt: // Guy Clotilde wrote:
May I beg a last question: does it means that a setuid
prog can
delete important files? By example, if I setuid root a file manager
(xftree), will it be able to delete any files ? Don't worry, I won't
do it, just to understand.
Yes, it will be able to delete any file. Setuid software bypasses the
user-id based authentification schemes in Linux. It should only be
used, where another solution is not possible (like in passwd or in
realtime scheduling).
ciao
--
Frank Barknecht _ ______footils.org__