Hosting Provided By

setuid binary in ktsuss

From: Yves-Alexis Perez <corsac(at)debian.org>
Date: Sat Feb 09 2008 - 16:05:34 EST

Hi,

I'm about to upload ktsuss to debian, wich is a graphical wrapper around su (much like gksu but without any gnome dependency). One point puzzles me, the ktsuss binary is setuid root (so it can read the root password). gksu doesn't do this (it calls su, I guess).

I don't really want to upload a setuid binary if it's not safe, but the code looks good (and is really tiny). Could some people on this list take some time and check the code?

dsc can be found at:
http://molly.corsac.net/~corsac/debian/ktsuss_1.3-1.dsc

Thanks for your time,

-- 
Yves-Alexis

-- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

application/pgp-signature attachment: This is a digitally signed message part

Received on Sat Feb 9 16:06:19 2008

This message: [ Message body ]
Next message: Russ Allbery: "Re: setuid binary in ktsuss"
Previous message: jthuillier(at)groupecb.com: "Julien THUILLIER est absent(e)."
Next in thread: Russ Allbery: "Re: setuid binary in ktsuss"
Reply: Russ Allbery: "Re: setuid binary in ktsuss"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:38 EDT