[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: VI wrapper for SUDO? - another bad way ??

martin f krafft <madduck@madduck.net> writes:
> * William R. Ward <bill@wards.net> [2001.11.29 18:00:40-0800]:
> > Question: Is it generally considered secure enough to sudo a bash
> > script like your sucpaliases?  Or should a C equivalent be written
> > instead?
> no. especially not the quick'n'dirty version that alvin posted. i am
> not criticizing, but there is an art to writing secure shell scripts.
> i can't give you full details, but two things that you should *never*
> forget is using absolute paths for binaries only. in addition, set
> your PATH to the standard explicitly.
[example snipped]

Right; but assumin gone takes care of this kind of issue, is there
anything inherently unsafe about running shell scripts through sudo?
I understand that there are risks of race conditions with setuid shell
scripts, and so they are disabled on most Linux boxen.  Is that also
an issue for sudo shell scripts?


William R Ward            bill@wards.net          http://www.wards.net/~bill/
     If you're not part of the solution, you're part of the precipitate.

Reply to: