Re: Bounce a few ideas off

[robert havoc pennington <rhpennin midway uchicago edu>]

On Wed, 22 Apr 1998, Michael K. Johnson wrote:
> 
> I'd like to suggest that instead of "porting" those apps to gtk, folks
> consider writing gui wrappers for them.  Particularily setuid ones,
> as gtk has NOT been gone through for the kinds of bugs that could
> easily create security holes in setuid programs...
> 

For an example of one wrapper and one "port," look at gshutdown and gsu
in gnome-utils/mini-utils.

The problem is that the setuid binaries are precisely the ones that have
to be "ported." I can't figure out any way to wrap them, and these are
precisely the utilities upstream authors won't want to change. No one
wants to mess with su when su is well-proven.  Plus there's no way to pass
passwords around on the command line, so I can't think of how the
wrap-friendliness would be implemented. :(

One comforting thought is that you can't use these GUI utils from a telnet
session, so the security hole depends on the ability to run an X session
on the machine. Slightly safer. (well, you can gsu --command from telnet,
but that should be almost the same as regular su except for Gnome init
stuff. I guess it could be made exactly the same as regular su by
postponing the Gnome init until after options parsing - would this help?) 

Anyway, I want to do a chfn/chsh/passwd util, which will face the same
difficulty. If anyone has any ideas on how to do it let me know. gsu
required very few changes to the original source, so it's relatively safe;
the chfn util is going to have to be more of a from-scratch thing, as the
original source doesn't look very GUI-fiable.

I agree that wrappers are better when they work. Among other things, they
let you customize the command line that's wrapped, a la gshutdown. 
Should be a good approach for fdisk.

Havoc Pennington
http://pobox.com/~hp