Red Hat Bugzilla – Bug 373211
smolt should only be runnable by root
Last modified: 2007-11-30 17:12:21 EST
The admin of a machine should have control over who submits hardware information
about it to a central source.
smolt's send profile app should only be runnable by root.
What's to stop somebody from getting/sending completely unprivileged hardware
information to a smolt server anyway? Having smolt fail for non-root should not
make this information any less available to somebody that wants to submit it.
The admin of a machine can do this after install if they wish, but to allow
only root is an illusion as people could just download the smolt source and
send it that way.
The difference is the amount of information disclosed and ease of use. Smolt makes it
easy to reveal a lot of information about a box very quickly.
Still an illusion, lshal shows way more information about a box (things like
service tag even)
lshal doesn't submit to a centralised database.
Your "illusion" is broken. My issue is that smolt makes it simple for a person
who does not own a box to submit information to a centralised place.
The fact that they can download smolt, remove the suggested check for uid 0,
then run it, proves my point - you've made it harder for them, which is the
The illusion I'm referring to is admins thinking that if smolt is root-only
runnable that their profile won't end up in the database, because that's just
not the case.
Meanwhile I find it bad to run applications as root and never do it unless