[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: VI wrapper for SUDO? - another bad way ??

hi ya bill

if that sh script is called sucpaliases...
you cannot(should not) put "sudo sucpaliases" inside of it
	- infinite recursion...

the original idea was to copy and install the users versions
of /etc/aliases file w/o giving um root or changing permissions...
and not to allow sucpaliases to edit the file directly
	( edit the file as a user ...

-- another simpler way is to make /etc/aliases group writable
   and newaliases for sudo by certain users
	-- good and bad idea..

-- and you can put /etc/aliases into cvs control tooo

-- c code is subject to buffer overflow problems...
-- scripts are susceptable to environment variables changing...

-- in either case...  you have to trust your users that run the
   scripts/apps to replace  /etc/aliases w/o giving um root access

c ya

On Thu, 29 Nov 2001, William R. Ward wrote:

> Alvin Oga writes:
> >how about: ( maybe a dumb idea .... but...a temporary answer??
> >
> >user> vi  /etc/aliases
> >	- save it to /tmp/aliases
> >
> >user> sucpaliases
> >
> >where sucp:  and allow users to run sucp as root
> >	- add sucpaliases into the sudo file
> Not bad... then wrap the whole thing in a script..  editaliases would
> do the above steps
> #!/bin/sh
> tmpfile=/tmp/editaliases$$
> cp /etc/aliases $tmpfile
> /etc/alternatives/editor $tmpfile
> sudo sucpaliases $tmpfile
> sudo newaliases		# for good measure
> # end editaliases
> Question: Is it generally considered secure enough to sudo a bash
> script like your sucpaliases?  Or should a C equivalent be written
> instead?
> --Bill.

Reply to: