seatd & copy2fs.flg

[aus9]

M-A-X
Please provide evidence that seatd with SUID set reports vulnerabilities. I can find none.
But I wonder if your reasons are clear to me.

Anyone with access to the sudo command can do anything. You do understand this right?

Code: [Select]

file /usr/bin/sudo
/usr/bin/sudo: setuid executable, regular file, no read permission
ls -al /usr/bin/sudo
---s--x--x    1 root     root        148148 Jan 25 00:07 /usr/bin/sudo
If I understand your fear of SUID correctly then I suggest you create a root password and add it to persistence
(2) modify your rootfs and delete sudo from it so that
(3) any root power you need needs

Code: [Select]

su
<input intended command>
If Juanito or anyone else....when I submit my updated seatd....feels I am damaging the reputation of Tinycore
I will have to accept their judgement. I have a history of spitting the dummy that Rich knows too well.
I am the original packager of seatd, and feel your questioning on my lack of security is unfair when you are using sudo so freely.

[Rich]

Hi aus9

my bad that not how I made it ....it reads ...

That looks good.

M-A-X
Please provide evidence that seatd with SUID set reports vulnerabilities. I can find none. ...

He said nothing about vulnerabilities. Read his post again:
https://forum.tinycorelinux.net/index.php/topic,27984.msg181184.html#msg181184

He mentions a potential for bugs, which did occur and is being addressed by this thread.
And he basically said typing  sudo  is not a burden.

[M-A-X]

... and feel your questioning on my lack of security is unfair when you are using sudo so freely.

My apologies, this was not my intention.

The manpage of seatd-launch gives the following statement:

seatd requires root privileges to perform its tasks. This can be achieved
through SUID of seatd-launch or by running seatd-launch as root. seatd-launch
will drop privileges from the effective user to the real user before running
the specified command. If the real user is root, this is simply a noop. You
should only run seatd-launch as root if you intend for the specified command to
run as root as well.

Now I understand why it makes sense to assign SUID permission to seatd-launch.

[aus9]

M-A-X
are you using the main repo or a mirror?
If you are using a mirror...and if my submission ....will take a while to process....lands....you could use your web browser to view the info and md5 contents
and clicking the TCE will download it

If using a member, and forgive me if you already know this but you are a new member bookmark this
http://tinycorelinux.net/16.x/x86_64/tcz/seatd.tcz.info
when that date changes....edit to strip .info and download magic should start

cheers

[gadget42]

...
http://tinycorelinux.net/16.x/x86_64/tcz/seatd.tcz.info
when that date changes....edit to strip .info and download magic should start

wanted to confirm that the above quoted "when that date changes" was intended to be the word "date" as opposed to "data"
(yes, a date change would technically be a data change)

thanks

[aus9]

M-A-X
Update has landed for 16x and 17x  main repos.
If it works for you, can you reply that it does....and we can then ask Rich to mark as solved.

Altho I have tested it....I am not a coder....which is why I make more mistakes than I like
but yes I lacked imagination so did not design the older version for copy2fs members

Good luck testing