Tiny Core Extensions > TCE Bugs

seatd & copy2fs.flg

<< < (4/5) > >>

aus9:
M-A-X
Please provide evidence that seatd with SUID set reports vulnerabilities. I can find none.
But I wonder if your reasons are clear to me.

Anyone with access to the sudo command can do anything. You do understand this right?

--- Code: ---file /usr/bin/sudo
/usr/bin/sudo: setuid executable, regular file, no read permission
ls -al /usr/bin/sudo
---s--x--x    1 root     root        148148 Jan 25 00:07 /usr/bin/sudo
--- End code ---

If I understand your fear of SUID correctly then I suggest you create a root password and add it to persistence
(2) modify your rootfs and delete sudo from it so that
(3) any root power you need needs

--- Code: ---su
<input intended command>
--- End code ---

If Juanito or anyone else....when I submit my updated seatd....feels I am damaging the reputation of Tinycore
I will have to accept their judgement. I have a history of spitting the dummy that Rich knows too well.
I am the original packager of seatd, and feel your questioning on my lack of security is unfair when you are using sudo so freely.

Rich:
Hi aus9

--- Quote from: aus9 on January 26, 2026, 05:24:50 PM ---my bad that not how I made it ....it reads ...
--- End quote ---
That looks good.


--- Quote from: aus9 on January 26, 2026, 05:36:00 PM ---M-A-X
Please provide evidence that seatd with SUID set reports vulnerabilities. I can find none. ...
--- End quote ---
He said nothing about vulnerabilities. Read his post again:
https://forum.tinycorelinux.net/index.php/topic,27984.msg181184.html#msg181184

He mentions a potential for bugs, which did occur and is being addressed by this thread.
And he basically said typing  sudo  is not a burden.

M-A-X:

--- Quote from: aus9 on January 26, 2026, 05:36:00 PM ---... and feel your questioning on my lack of security is unfair when you are using sudo so freely.

--- End quote ---

My apologies, this was not my intention.

The manpage of seatd-launch gives the following statement:


--- Quote ---seatd requires root privileges to perform its tasks. This can be achieved
through SUID of seatd-launch or by running seatd-launch as root. seatd-launch
will drop privileges from the effective user to the real user before running
the specified command. If the real user is root, this is simply a noop. You
should only run seatd-launch as root if you intend for the specified command to
run as root as well.

--- End quote ---

Now I understand why it makes sense to assign SUID permission to seatd-launch.

aus9:
M-A-X
are you using the main repo or a mirror?
If you are using a mirror...and if my submission ....will take a while to process....lands....you could use your web browser to view the info and md5 contents
and clicking the TCE will download it

If using a member, and forgive me if you already know this but you are a new member bookmark this
http://tinycorelinux.net/16.x/x86_64/tcz/seatd.tcz.info
when that date changes....edit to strip .info and download magic should start

cheers

gadget42:

--- Quote from: aus9 on January 27, 2026, 08:03:06 PM ---...
http://tinycorelinux.net/16.x/x86_64/tcz/seatd.tcz.info
when that date changes....edit to strip .info and download magic should start
--- End quote ---
wanted to confirm that the above quoted "when that date changes" was intended to be the word "date" as opposed to "data"
(yes, a date change would technically be a data change)

thanks

Navigation

[0] Message Index

[#] Next page

[*] Previous page