[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo and growisofs

sudo growisofs ... /etc/shadow
env MKISOFS=/tmp/evil.script sudo growisofs ...

is enough reason for vast majority of users. A.

How about I create a non superuser "burn" that is allowed to burn through
permissions on the block device and then use:

Well, who makes sure that input data readable for non-superuser "burn"? Is it acceptable that account in question can be used for virtually any purpose through env MKISOFS=/tmp/evil.script ...? I bet not, and then we just come back to the workaround suggested in man-page. And once again, if you disagree just compile with 'make WARN=-DI_KNOW_ALL_ABOUT_SUDO' and make your own rules. A.

Reply to: