Date: Sat, 11 Jul 1998 19:35:38 -0500 (CDT) From: "Kent S. Gordon" <kgor@ksg.com> To: jehamby@manta.jpl.nasa.gov Cc: 026809r@dragon.acadiau.ca, security@FreeBSD.ORG Subject: Re: RootRunner (admin GUI w/o security holes?) Message-ID: <199807120035.TAA10008@soccer.ksg.com> In-Reply-To: <Pine.GSO.3.96.980710164953.3860H-100000@manta> (message from Jake Hamby on Fri, 10 Jul 1998 16:53:44 -0700 (PDT))
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "jehamby" == Jake Hamby <jehamby@manta.jpl.nasa.gov> writes:
> On Fri, 10 Jul 1998, Michael Richards wrote:
>> Why not just use ssh to forward your root x connections via an
>> encrypted connection. All of your problems go away. You are
>> even secure from network sniffers because the entire data
>> stream is encrypted.
> Well, I definitely want to support ssh to allow secure remote
> administration (where it would replace su or sudo in the scheme
> I described), but I'm really loath to run any part of the GUI as
> uid 0, if it's at all possible to avoid. While it's probably
> not a security hole, per se, my biggest problem is the one I
> already mentioned of how to start the program from the "start
> menu" of your favorite windowmanager, without having to pop up
> an ugly xterm window to ask for the root password.
You could always create an no password entry in sudo for these cases
or a special suid binary that invokes the program. I have used no
password entry in sudo for this in the past.
> -Jake
> To Unsubscribe: send mail to majordomo@FreeBSD.org with
> "unsubscribe security" in the body of the message
--
Kent S. Gordon
KSG -- Unix, Network, Database Consulting
Postal: 76 Corral Drive North, Keller, Texas 76248
e-mail: kgor@ksg.com Phone:(817)431-8775 Resume: http://www.ksg.com/resume.html
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807120035.TAA10008>