Re: If you care about debian's security read this
On Mon, 4 Mar 2002 16:38:00 +0000
Jules Bean <jules@jellybean.co.uk> wrote:
> So you need to acknowledge that gnome-sudo doesn't do what you thought
> (or hoped) it did. It doesn't restrict access to a subset of possible
> commands.
that's a grave problem IMHO, but if it not going to be fixed in time than
I'd like to ask that this limitations are at least documented in the
README file...
I don't want to keep gnome-sudo from entering woody... I just wouldn't like
to see it enter woody carrying this problem (and yes, I've been hacking
around to find a solution)
> That is not a root hole, any more than 'sudo' itself is a root hole,
> since sudo allows people to set up root access for any user, or chmod
> is a root hole since it allows root to make setuid root shells.
no, sudo is not a root hole itself... it will work even if your user is
not allowed to run /bin/sh as root... sudo allows the admin to control
what the users run as root
as an admin... after reading this:
Description: GUI frontend to sudo
wouldn't you belive that gnome-sudo is as safe as sudo? I did... and
was very impressed when I found out I was wrong. I became worried because
everything on the package makes me think gnome-sudo will behave as sudo
for example, in the manpage:
Finally, you must have sudoers(5) set up correctly in
order for gnome-sudo to work.
It makes me think that I must set my sudoers line to contain the programs
I want to run with gnome-sudo. There's no documentation about what needs to
be set up on the sudoers file (that means you'll probably have to look at
the code to find out, like I did) and there's not even a small warning
about the problems it will cause (again, looking at the code you'll find
out)
[]s!
--
kov@debian.org: Gustavo Noronha <http://www.metainfo.org/kov>
Debian: <http://www.debian.org> * <http://debian-br.cipsga.org.br>
Reply to: