why does redhat not make ksu setuid root?

T Ryan Cleary tryanc at theworld.com
Sun Jul 21 13:29:48 EDT 2002


In article <tsleldzheu4.fsf at konishi-polis.mit.edu>,
Sam Hartman <hartmans at mit.edu> wrote:
>>>>>> "Avery" == Avery  <daemon2k at yahoo.com> writes:
>
>    Avery> Why would redhat make ksu (at least in the 7.2 distro)
>    Avery> _not_ setuid root?  kinda pointless for root to be the only
>    Avery> user who can ksu.
>
>Perhaps they are not confident in its security.
>It is a rather complex program for what it does.

This has been reported to Red Hat before:

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11535

If you trust ksu for your system, then just chmod u+s right after
configuring /etc/krb5.conf and extracting host keys.  I consider it
just part of configuring Kerberos on a Red Hat system.  That way,
someone who doesn't use Kerberos (but still has the packages
installed) doesn't have any more suid root programs on their system
than necessary.

-Ryan


