Re: New Debian Package Customization HOWTO
Jeroen van Wolffelaar <jeroen@wolffelaar.nl> writes:
> On Sat, Jun 04, 2005 at 05:58:18PM -0700, Russ Allbery wrote:
>> Eep, please don't tell people to give themselves full privileges with
>> sudo unless they know what they're doing. The sudo configuration here
>> is just to run pbuilder, right? If so, just recommend something like:
>>
>> bob ALL = NOPASSWD: /usr/sbin/pbuilder
>> bob ALL = NOPASSWD: /usr/lib/pbuilder/pbuilder-satisfydepends
>>
>> This is sufficient in my experience.
> It won't provide you with any additional security though, so it will
> only give a false sense of security. If you can run pbuilder with any
> argument, you can specify an arbitrary configfile, and that way have any
> arbitrary command run as root. Even if it's only in the chroot, which I
> didn't check right now, as root in a chroot you can break out and be
> root on the host system.
Hm, yes, good point. I would still argue for listing the specific
commands just for general sudo sanity, but the NOPASSWD is probably a bad
idea. I hadn't thought that all the way through.
Given that, it's worth a big note on the page that configuring things this
way gives that account full root access, meaning that if someone breaks
into it, they also have root. That may not be obvious to someone who
hasn't done this before.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
Reply to: