Re: Why does slibclean require root?
- From: Pete's <empete2000@xxxxxxxxx>
- Date: 21 May 2007 20:09:59 -0700
On May 21, 4:39 pm, 0xDEADABE <n...@xxxxxxxxxxx> wrote:
Paul Pluzhnikov wrote:
hobie744 <hobie...@xxxxxxxxx> writes:
Just out of curiosity, why does slibclean require root?
Because it affects the *whole* system, and not just the user
running it.
It's been suggested in this forum before to make it setuid.
This is usually needed on development machines -- you build shared
object, run executable using it, detect a bug, and must run slibclean
to remove the buggy shared object from memory.
A nicer solution for the same problem is to make the shared object
non-readable to "other". In that case, it is always loaded into
"private segment" and unloaded on program exit. No slibclean
is needed.
Is that a potential security problem?
A user running 'while : ; do slibclean; done' can make the whole
machine crawl, without exceeding his CPU quota.
Cheers,
Siebel recommends that it be setuid for all users. I did this
begrudgingly to check off a possible problem during installation. Guess
this means that they need it to run to compensate for their skunky code!
;-)
What about using 'sudo' rather than suid? You would then be able to
allow use of it to users who truly need it.
HTH,
Pete's
.
- References:
- Why does slibclean require root?
- From: hobie744
- Re: Why does slibclean require root?
- From: Paul Pluzhnikov
- Re: Why does slibclean require root?
- From: 0xDEADABE
- Why does slibclean require root?
- Prev by Date: Previewing AIX 6 and open beta program
- Next by Date: Re: Previewing AIX 6 and open beta program
- Previous by thread: Re: Why does slibclean require root?
- Next by thread: Running AIX 5.3, the "find" command is not working as expected.
- Index(es):
Relevant Pages
|
