Re: VI wrapper for SUDO? - another bad way ??
hi ya bill
if that sh script is called sucpaliases...
you cannot (should not) put "sudo sucpaliases" inside of it
- infinite recursion...
the original idea was to copy and install the users versions
of /etc/aliases file w/o giving um root or changing permissions...
and not to allow sucpaliases to edit the file directly
( edit the file as a user ...
-- another simpler way is to make /etc/aliases group writable
and newaliases for sudo by certain users
-- good and bad idea..
-- and you can put /etc/aliases into cvs control too
-- c code is subject to buffer overflow problems...
-- scripts are susceptible to environment variables changing...
-- in either case... you have to trust your users that run the
scripts/apps to replace /etc/aliases w/o giving um root access
c ya
alvin
On Thu, 29 Nov 2001, William R. Ward wrote:
> Alvin Oga writes:
> >how about: ( maybe a dumb idea .... but...a temporary answer??
> >
> >user> vi /etc/aliases
> > - save it to /tmp/aliases
> >
> >user> sucpaliases
> >
> >where sucp: and allow users to run sucp as root
> > - add sucpaliases into the sudo file
>
> Not bad... then wrap the whole thing in a script.. editaliases would
> do the above steps
>
> #!/bin/sh
>
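> # private, unpredictable temp file rather than a guessable /tmp name
> tmpfile=$(mktemp /tmp/editaliases.XXXXXX) || exit 1
> cp /etc/aliases "$tmpfile"
> /etc/alternatives/editor "$tmpfile"
> sudo sucpaliases "$tmpfile"
> sudo newaliases # for good measure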
> # end editaliases
>
> Question: Is it generally considered secure enough to sudo a bash
> script like your sucpaliases? Or should a C equivalent be written
> instead?
>
> --Bill.
>
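
Added example, not part of the original thread and not either poster's script: one way the sudo-invoked sucpaliases helper could be hardened against the environment-variable and temp-file concerns raised above. The function name install_aliases, the "install" argument, the choice to read the candidate file from stdin instead of taking a path, and the content policy are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: a hardened take on the sudo-invoked
# "sucpaliases" helper. install_aliases and its argument are hypothetical names.

# install_aliases DEST: read a candidate aliases file on stdin, install as DEST.
# Taking stdin means the user's own shell opens the edited file, so the
# privileged side never follows a path (or symlink) under /tmp.
install_aliases() {
    # Pin everything the caller's environment could otherwise influence.
    PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
    unset IFS ENV BASH_ENV CDPATH
    umask 077

    [ "$#" -eq 1 ] || { echo "usage: install_aliases DEST" >&2; return 2; }
    dest=$1

    # Stage in DEST's directory so the final rename is atomic.
    new=$(mktemp "$dest.XXXXXX") || return 1
    cat > "$new" || { rm -f -- "$new"; return 1; }

    # Validate the staged copy, which the user can no longer modify.
    if [ ! -s "$new" ]; then
        echo "refusing empty aliases file" >&2; rm -f -- "$new"; return 1
    fi
    # Assumed local policy: mail-address targets only, no pipes or includes.
    if grep -q -e '|' -e ':include:' "$new"; then
        echo "refusing pipe or :include: target" >&2; rm -f -- "$new"; return 1
    fi

    if chmod 644 "$new" && mv -f -- "$new" "$dest"; then return 0; fi
    rm -f -- "$new"; return 1
}

# Intended use as the sudo target: sudo sucpaliases install < "$tmpfile"
if [ "${1:-}" = install ]; then
    install_aliases /etc/aliases && newaliases
fi
```

A rejected candidate leaves the existing file untouched because nothing is renamed over it until every check has passed.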