Re: Sudo was[Re: Emacs from Xterm]

[Joseph Dane <jdane@lava.net>]

>>>>> "Stephen" == Stephen Rueger <stephen.rueger@rechnerpost.org> writes:

 Stephen> If you have to give someone access to certain things which
 Stephen> don't fit in one of those categories, it can be considered a
 Stephen> necessary evil and has to be done. And using sudo, which
 Stephen> lets at least partially control who is allowed to do what as
 Stephen> a privileged user is surely better than giving people the
 Stephen> rootpassword and full access.

If it's absolutely necessary to let someone execute a program as root
w/o giving them the root password, then I agree that sudo is the way
to go.

*but*, people often overestimate the safety provided by sudo.  many
editors allow shell escapes, so anyone who can sudo one of these
editors can get a root shell.  since this is a fairly simple case,
there are solutions, e.g. providing a restricted editor that doesn't
allow shell escapes.

but consider a program which uses loadable modules, and which must be
started as root.  you shouldn't have to think too hard before coming
up with an example.  if the installation isn't done carefully, it
might be possible for a non-root user to modify one of the modules.
the modified module could then do whatever the user wanted, as root.
not that the modules have to be world writable, but maybe they're
owned by some other dummy account, to which our hypothetical user
might also have sudo access.

this can also be protected against, of course.  my point is that the
implications of allowing sudo are often not immediately apparent.

-- 

joe


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org