Todd Zullinger wrote:
> If you use sudo, you don't have to give the user the root password,
> you just edit the /etc/sudoers file to allow them to run the
> particular command(s) you want and they enter their own password to
> run them.
Note: depending on what the program is, this may be equivalent to giving
users the root password. In particular, if there is any way to "shell
out" from the program, or run an external editor, then the user can end
up with a root shell.
I'm also concerned about the man-page paragraph:
To prevent command spoofing, sudo checks "." and "" (both
denoting current directory) last when searching for a command in
the user’s PATH (if one or both are in the PATH). Note, however,
that the actual PATH environment variable is not modified and is
passed unchanged to the program that sudo executes.
I read this as saying that *if* a program runs another program merely by
name (e.g. "hostname" rather than "/bin/hostname"), then a malicious
user could place a symlink to bash from ./hostname, change the PATH
appropriately, and sudo the first program.
In general, simple text-mode programs are OK, complex graphical ones may
well have holes.
James.
--
E-mail: james@ | *No-one* liked the Joshua N'Clement block. The people who
aprilcottage.co.uk | lived there thought everyone should be taken out and then
| the block should be blown up, and the people who lived
| near the block just wanted it blown up.
| -- Terry Pratchett
