Re: VI wrapper for SUDO? - another bad way ??

To: bill@wards.net (William R. Ward)
Cc: Gerfried Fuchs <alfie@ist.org>, debian-security@lists.debian.org
Subject: Re: VI wrapper for SUDO? - another bad way ??
From: tb@becket.net (Thomas Bushnell, BSG)
Date: 04 Dec 2001 15:51:07 -0800
Message-id: <[🔎] 877ks2sfx0.fsf@becket.becket.net>
In-reply-to: <[🔎] 15373.10879.147701.771579@komodo.home.wards.net>
References: <m27ks9f61n.fsf@komodo.home.wards.net> <Pine.LNX.3.96.1011129172429.23706A100000@Maggie.LinuxConsulting.com> <15366.59464.882232.197928@komodo.home.wards.net> <[🔎] 20011202181642.D4667@fishbowl.madduck.net> <m2r8qck7qw.fsf@komodo.home.wards.net> <20011204194434.GB5083@asgard.pte.at> <[🔎] 15373.10879.147701.771579@komodo.home.wards.net>

bill@wards.net (William R. Ward) writes:

> It's been an option on traditional Unix systems for a long time.  When
> kernel runs the interpreter listed on the #! line, it does so with
> suid/sgid access enabled.  It's not really any more difficult than
> launching binaries.  

However, there is an unavoidable security hole if you have any setuid
#! scripts, at least, as they are traditionally implemented.  If you
adjust the semantics slightly, it can be fixed, but even then, it's
not usually judged to be that important.

Reply to:

References:
- Re: VI wrapper for SUDO? - another bad way ??
  - From: martin f krafft <madduck@madduck.net>
- Re: VI wrapper for SUDO? - another bad way ??
  - From: bill@wards.net (William R. Ward)

Prev by Date: Re: How do I disable (close) ports?
Next by Date: Re: How do I disable (close) ports?
Previous by thread: Re: VI wrapper for SUDO? - another bad way ??
Next by thread: Re: VI wrapper for SUDO? - another bad way ??
Index(es):
- Date
- Thread