
Re: VI wrapper for SUDO?



That is a fair point but addressable with post-editing checks
in the wrapper. Of course, one is exceedingly vulnerable to
race conditions if one is not very careful about what is read and
when.

You don't have to use vi; there are dumber editors in the world.

Maybe you should just have some programmatic (i.e. commandline,
not full-screen) editing program for aliases that's callable from sudo.

However, the whole idea fills me with worry; /etc/aliases IS quite a critical
file and I'm certain that specific attacks could be engineered
against you if write access was obtained.

Why not just have users make their changes and mail a diff to
the sysadmin for approval :)

J

p.s. failing that, investigate LIDS; but that's a different ball game.

On Fri, Nov 30, 2001 at 12:23:14PM +0100, Christoph Ulrich Scholler wrote:
> hi,
> 
> maybe i misunderstand the intention here, but isn't it pointless to
> restrict privileges of the editing process of /etc/aliases if you could
> just as well change root's alias to a program that's run whenever root
> receives email and, e.g., puts one's most favourite /etc/passwd in
> place of the original?
> 
> regards,
> 
> uLI
> 
> On Thu, Nov 29, 2001 at 02:45:08PM -0800 or thereabouts, William R Ward wrote:
> > A lazy sysadmin, not thinking through the ramifications, might put
> > things like "/usr/bin/vi /etc/aliases" in the sudoers file, thinking
> > that it limits access.  But of course, vi has the ":e" command...
> > 
> > Is there any kind of wrapper that can be used to allow sudo to grant
> > editing access to only one file?  I am thinking of something similar
> > to vipw or visudo, but with security in mind; following this basic
> > algorithm:
> > 
> > 1. Using user privileges, Copy the desired file to a temp file owned
> >    by the real user.
> > 2. Using user privileges, Edit the temp file.
> > 3. Using root privileges, copy the temp file to the final location.
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
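The three-step wrapper William sketches, with the post-editing checks and the read-ordering that J's reply calls for, as an added example that is not code from the thread. It assumes POSIX sh with mktemp(1), that "$0" is the installed path of the script, and that sudoers permits only "<script> install <tmp> [dest]" as root.

```shell
# Post-edit check. Accepts "name: target[, target...]", blank lines and
# comments; rejects targets that run a program ("|...") or deliver to a
# file ("/..."), which is exactly what uLI's root-alias scenario needs.
validate_aliases() {
    rc=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in ''|'#'*) continue ;; esac
        name=${line%%:*}; target=${line#*:}
        target=${target#"${target%%[![:space:]]*}"}   # strip leading blanks
        if [ "$name" = "$line" ] || [ -z "$target" ]; then
            echo "line $lineno: malformed entry" >&2; rc=1; continue
        fi
        case "$name" in *[!A-Za-z0-9_.-]*)
            echo "line $lineno: bad alias name" >&2; rc=1; continue ;; esac
        case "$target" in '|'*|'/'*|'"|'*|'"/'*)
            echo "line $lineno: program/file delivery not allowed" >&2; rc=1 ;;
        esac
    done < "$1"
    return "$rc"
}
# Step 3, run as root via sudo. Copy the user's file into a root-owned
# staging file FIRST, validate that copy, then rename it into place:
# checking the user-owned temp file and copying it afterwards is a
# check-then-use race (the file can change between the two reads).
install_aliases() {
    src=$1; dst=${2:-/etc/aliases}
    staged=$(mktemp "$(dirname "$dst")/.aliases.XXXXXX") || return 1
    if cp "$src" "$staged" && chmod 0644 "$staged" \
        && validate_aliases "$staged" && mv -f "$staged" "$dst"; then
        return 0
    fi
    rm -f "$staged"; return 1
}
# Steps 1 and 2, run as the unprivileged user; only the install is sudo'ed,
# so ":e /etc/shadow" inside the editor buys nothing.
edit_aliases() {
    dst=${1:-/etc/aliases}
    tmp=$(mktemp) || return 1
    cp "$dst" "$tmp" && "${EDITOR:-vi}" "$tmp" && sudo "$0" install "$tmp" "$dst"
    rc=$?; rm -f "$tmp"; return "$rc"
}
# Dispatch: "edit [dest]" as the user, "install <tmp> [dest]" via sudo.
case "${1-}" in
    edit)    shift; edit_aliases "$@" ;;
    install) shift; install_aliases "$@" ;;
esac
```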