
Re: If you care about debian's security read this



On Mon, 4 Mar 2002 16:38:00 +0000
Jules Bean <jules@jellybean.co.uk> wrote:

> So you need to acknowledge that gnome-sudo doesn't do what you thought
> (or hoped) it did.  It doesn't restrict access to a subset of possible
> commands.
that's a grave problem IMHO, but if it is not going to be fixed in time then
I'd like to ask that these limitations are at least documented in the
README file...

I don't want to keep gnome-sudo from entering woody... I just wouldn't like
to see it enter woody carrying this problem (and yes, I've been hacking
around to find a solution)

> That is not a root hole, any more than 'sudo' itself is a root hole,
> since sudo allows people to set up root access for any user, or chmod
> is a root hole since it allows root to make setuid root shells.
no, sudo is not a root hole itself... it will work even if your user is
not allowed to run /bin/sh as root... sudo allows the admin to control
what the users run as root

as an admin... after reading this:

Description: GUI frontend to sudo

wouldn't you believe that gnome-sudo is as safe as sudo? I did... and
was very impressed when I found out I was wrong. I became worried because
everything on the package makes me think gnome-sudo will behave as sudo;
for example, in the manpage:

Finally, you must have  sudoers(5)  set  up  correctly  in
order for gnome-sudo to work.

It makes me think that I must set my sudoers line to contain the programs 
I want to run with gnome-sudo. There's no documentation about what needs to
be set up on the sudoers file (that means you'll probably have to look at
the code to find out, like I did) and there's not even a small warning 
about the problems it will cause (again, looking at the code you'll find
out)

[]s!

-- 
kov@debian.org: Gustavo Noronha <http://www.metainfo.org/kov>
Debian: <http://www.debian.org> * <http://debian-br.cipsga.org.br>
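
The distinction drawn in the message above, between sudoers rules limited to named commands and rules that hand over a shell or `ALL`, can be checked mechanically. The following Python script is an added example, not code from the message or from gnome-sudo; the sample sudoers text, the `ROOT_SHELLS` list and the function names are constructed for illustration, and it handles only a simplified subset of the sudoers grammar.

```python
import re

# Commands treated as an unrestricted root session (list assumed for this example).
ROOT_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/su"}

# Constructed sample sudoers content, not taken from the original message.
SAMPLE = """\
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias ROOTSH = /bin/sh, /bin/bash
alice ALL = PRINTING
bob   ALL = (root) NOPASSWD: /usr/bin/apt-get update, ROOTSH
carol ALL = (ALL) ALL
"""

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines.
    Simplification: every '#' starts a comment (no #include or #uid support)."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Map each user to the granted commands that amount to full root."""
    aliases, specs, findings = {}, [], {}
    for line in logical_lines(text):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
        elif line.startswith(("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")):
            continue
        elif "=" in line:
            specs.append(line)
    for line in specs:  # second pass, so aliases defined later still expand
        who, rest = line.split("=", 1)
        rest = re.sub(r"^\s*\([^)]*\)", "", rest)  # drop the (runas) part
        risky = set()
        for item in rest.split(","):
            cmd = re.sub(r"^\s*(?:[A-Z]+:\s*)*", "", item).strip()  # drop tags
            for c in aliases.get(cmd, [cmd]):
                if c and (c.split()[0] == "ALL" or c.split()[0] in ROOT_SHELLS):
                    risky.add(c.split()[0])
        if risky:
            findings.setdefault(who.split()[0], []).extend(sorted(risky))
    return findings

if __name__ == "__main__":
    for user, cmds in audit(SAMPLE).items():
        print(f"{user}: unrestricted root via {', '.join(cmds)}")
```

Users absent from the result hold only the specific commands listed for them, which is the restriction the message expects a sudo frontend to preserve.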


