Re: VI wrapper for SUDO? - another bad way ??

[William R Ward <bill@wards.net>]

martin f krafft <madduck@madduck.net> writes:
> * William R. Ward <bill@wards.net> [2001.11.29 18:00:40-0800]:
> > Question: Is it generally considered secure enough to sudo a bash
> > script like your sucpaliases?  Or should a C equivalent be written
> > instead?
> 
> no. especially not the quick'n'dirty version that alvin posted. i am
> not criticizing, but there is an art to writing secure shell scripts.
> i can't give you full details, but two things that you should *never*
> forget is using absolute paths for binaries only. in addition, set
> your PATH to the standard explicitly.
[example snipped]

Right; but assumin gone takes care of this kind of issue, is there
anything inherently unsafe about running shell scripts through sudo?
I understand that there are risks of race conditions with setuid shell
scripts, and so they are disabled on most Linux boxen.  Is that also
an issue for sudo shell scripts?

--Bill.

-- 
William R Ward            bill@wards.net          http://www.wards.net/~bill/
-----------------------------------------------------------------------------
     If you're not part of the solution, you're part of the precipitate.