[Xastir] Trap for Young and Old
Jason KG4WSV
kg4wsv at gmail.com
Wed Jun 18 16:59:43 EDT 2014
On Wed, Jun 18, 2014 at 2:00 PM, Curt, WE7U <curt.we7u at gmail.com> wrote:
> Xastir does this, but would you want to trust security of your system to a
> bunch of hobbyists? ;-)
'cause that's not something linux users are familiar with. :|
> We do what we can, but I wouldn't say Xastir has been thoroughly gone
> through from a security standpoint. It's better than a lot of programs, as
> we took care when writing/modifying that portion of code, but there are no
> guarantees.
Yeah, and there's another lever of problems/challenges running SUID
root (or SUID anything for that matter), and it really shouldn't be
the xastir team's problem to give it that sort of scrutiny - it's
complicated enough without dealing with changing EUIDs as you go
along.
> Technically it isn't a problem: The AX.25 networking port is implemented
> similarly to ethernet ports in terms of permissions.
>
> For Xastir to be able to access the port, it needs root privileges.
So you can't just chmod 666 /dev/ax25 (or whatever) so that xastir can
access it running as joe user?
-Jason
kg4wsv
More information about the Xastir
mailing list