why does redhat not make ksu setuid root?
T Ryan Cleary
tryanc at theworld.com
Sun Jul 21 13:29:48 EDT 2002
In article <tsleldzheu4.fsf at konishi-polis.mit.edu>,
Sam Hartman <hartmans at mit.edu> wrote:
>>>>>> "Avery" == Avery <daemon2k at yahoo.com> writes:
>
> Avery> Why would redhat make ksu (at least in the 7.2 distro)
> Avery> _not_ setuid root? kinda pointless for root to be the only
> Avery> user who can ksu.
>
>Perhaps they are not confident in its security.
>It is a rather complex program for what it does.

This has been reported to Red Hat before:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11535

If you trust ksu for your system, then just chmod u+s right after
configuring /etc/krb5.conf and extracting host keys. I consider it
just part of configuring Kerberos on a Red Hat system. That way,
someone who doesn't use Kerberos (but still has the packages
installed) doesn't have any more suid root programs on their system
than necessary.

-Ryan
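
An added example, not part of the original post: a shell function that applies the chmod u+s step only once the Kerberos configuration and host keytab are in place, and refuses a ksu binary that group or others can write. The function name `enable_ksu_setuid` and the paths in the usage comment are assumptions; the post names only /etc/krb5.conf.

```shell
#!/bin/sh
# Added example: set the setuid bit on ksu only after Kerberos is configured.
# enable_ksu_setuid is a hypothetical helper; pass the paths for your system.
#
# usage (run as root; /path/to/ksu is a placeholder, /etc/krb5.keytab is
# assumed to be where the host keys were extracted):
#   enable_ksu_setuid /path/to/ksu /etc/krb5.conf /etc/krb5.keytab
enable_ksu_setuid() {
    ksu_bin=$1
    conf=$2
    keytab=$3

    # Kerberos must be configured first; otherwise ksu stays non-setuid.
    if [ ! -s "$conf" ]; then
        echo "skip: $conf is missing or empty" >&2
        return 1
    fi
    # Host keys must already have been extracted into the keytab.
    if [ ! -s "$keytab" ]; then
        echo "skip: $keytab is missing or empty" >&2
        return 1
    fi
    # Accept only a regular executable file, never a symlink.
    if [ ! -f "$ksu_bin" ] || [ -L "$ksu_bin" ] || [ ! -x "$ksu_bin" ]; then
        echo "skip: $ksu_bin is not a regular executable" >&2
        return 1
    fi
    # A setuid file that group or others can write is controlled by whoever
    # can modify it, so refuse it instead of setting the bit.
    loose=$(find "$ksu_bin" -prune \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "skip: $ksu_bin is group- or world-writable" >&2
        return 1
    fi

    chmod u+s "$ksu_bin" || return 1
    # Confirm the bit is really set before reporting success.
    [ -u "$ksu_bin" ]
}
```

On a host where Kerberos is installed but never configured, the function returns non-zero and ksu stays without the setuid bit, which matches the reasoning in the post.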