Re: Excessive root usage in Debian
John Goerzen wrote:
> We run all sorts of things as root that really shouldn't. We run
> sendmailconfig, a big shell script that invokes m4, makemap, and
> various other programs as root. Few of the things that script does
> should be run as root. There's no sane reason to run m4 as root.
> Nobody has even audited tthese things for security for running as
> root!
There's very little point in auditing programs that run as root unless they
a) Take input form some source a non-root user might control.
or
b) Can be started as root by a non-root user.
AFIAK neither a or b is true of m4 or makemap or sendmailconfig, or
update-menus for that matter (though you have a point aboutr resource limits).
--
see shy jo
Reply to: