Actions are important for internal handling. An action is something that should be performed, and it can be anything. It will be started from an event, such as a smart card insert or smart card remove, or when a user selects a menu option.
The actions can reference applications, scripts, or other files on the hard-drive.
All actions are executed with the same privilege as the starting process:
a system process will have administrator privilege.
a user process will have user privilege.
Do not reference a file at a location where the normal user can update the file. If so, an attacker can get user privilege and update the file.
|To avoid the opening of a security hole, never configure an action that references applications, scripts, or other files that can be changed by a normal user.|