[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: VI wrapper for SUDO? - another bad way ??

* William R Ward <bill@wards.net> [2001.12.04 10:48:19-0800]:
> Right; but assumin gone takes care of this kind of issue, is there
> anything inherently unsafe about running shell scripts through sudo?
> I understand that there are risks of race conditions with setuid shell
> scripts, and so they are disabled on most Linux boxen.  Is that also
> an issue for sudo shell scripts?

there are no security flaws that emerge from using sudo. that is, a
shell script that is safe for root to run will be safe for sudo. you
do have to worry about such things as shell escaping and other stuff
which would allow a user to break out of the sudo restriction to get a
shell. vi is a dangerous one because you can execute shell commands.
if you sudo emacs then you might just as well sudo a shell.

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"the human brain is like an enormous fish --
 it is flat and slimy
 and has gills through which it can see."
                                                       -- monty python

Attachment: pgpUAFuKQCHv5.pgp
Description: PGP signature

Reply to: