Bugtraq mailing list archives

Re: Linux /usr/bin/gnuplot overflow


From: rich () VAX2 CONCORDIA CA (Rich Lafferty)
Date: Fri, 5 Mar 1999 03:46:34 -0500


Quoting Speed (speed () LINUX DPILINK COM) from Thu, Mar 04, 1999 at 08:04:49PM -0500:
> It is interesting to note that the gnuplot on my system is NOT suid root
> (nor have I modified the default installed settings).  My version is 3.5
> patchlevel 3.50.1.17 (i.e. very old).  The distribution is Slackware.
>
> I agree with xnec in that I can see no good reason to make it suid root.
> Anyone know why this was done?

Debian Linux's gnuplot README says:

  In order to enable ordinary users to use SVGA console graphics,
  gnuplot needs to be set up as setuid root.  Please note that this is
  usually considered to be a security hazard and is not recommended
  unless you know what you are doing.

Running it under X11 doesn't require gnuplot to be suid root.  FWIW,
when installing gnuplot from the Debian package, dpkg asks

  Currently, gnuplot is not set up as setuid root.  Good.
  Do you want to change it?  (y/n/?) [n]

The ? option gives:

    In order to enable ordinary users to use SVGA console graphics,
    gnuplot needs to be set up as setuid root.  Please note that
    this is usually considered to be a security hazard.

which leads me to conclude that at least one person went "hm, that's
not right". I couldn't find anything one way or another in gnuplot's
documentation, though. CONSOLE GROUP, people.

  \Rich

--
Rich Lafferty ---------------------------------------------------------
IITS/Computing Services     | "Oderint dum metuant."
Concordia University        |            -- Lucius Accius (170-90 BC).
rich () vax2 concordia ca -----------------------------------------[McQ]--
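
A local check for the condition discussed in this message, added here as an example (it is not from the post or from Debian's package): the hypothetical shell function `suid_status` reports whether a binary such as gnuplot carries the setuid bit, which numeric uid owns it, and whether everyone or only the owner and group may execute it. The default path is taken from the thread subject.

```shell
#!/bin/sh
# Added example: classify how a binary is exposed through the setuid bit.
# Prints one of:
#   missing            path is not a regular file
#   plain              no setuid bit set
#   setuid:UID:world   setuid, executable by every local user (e.g. mode 4755)
#   setuid:UID:group   setuid, execute limited to owner/group (e.g. mode 4750)
suid_status() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo plain; return 0; }
    # ls -ldn prints the mode string and the numeric owner,
    # e.g. "-rwsr-xr-x 1 0 0 ...": field 1 is the mode, field 3 the uid.
    set -- $(ls -ldn -- "$f")
    mode=$1
    uid=$3
    # Character 10 of the mode string is the execute slot for "other".
    case $(printf %s "$mode" | cut -c10) in
        x|t) echo "setuid:$uid:world" ;;
        *)   echo "setuid:$uid:group" ;;
    esac
}

# Report on each path given; a uid of 0 in the output means setuid root.
audit_paths() {
    for p in "$@"; do
        printf '%s %s\n' "$(suid_status "$p")" "$p"
    done
}

# Default target is an assumption based on the thread subject line.
audit_paths "${GNUPLOT_PATH:-/usr/bin/gnuplot}"
```

A result of `setuid:0:world` is the configuration the Debian README warns about; `chmod u-s` on the binary clears the bit when SVGA console output is not needed.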


