On Thu, Oct 17, 2002 at 05:37:18PM +0200, Raffaele Sandrini wrote:
> On Thursday 17 October 2002 15:11, Andrew Perrin wrote:
> > It's a bad idea :)
> >
> > No, really - what do you need to do that can't be done by sudo, cron, or
> > at? These are well-tested tools and will probably make you happier than
> > your plan.
[snip]
> > Let me reiterate, though: it's a BAD IDEA. How will you make sure nobody
> > has access to running root scripts through your daemon?
>
> hehe, I thought your answer may result like that :-))
>
> I need it for a small KDE application which needs to execute some privileged
> processes (like mount) WITHOUT password prompting to the user. The KDE app
> itself can't run as root (cause that needs an extra environment and I don't
> want that) and setuid root is not a good idea cause of the kdelibs (and also
> here a root env would be necessary).
IMHO a better way would be:
- Create a script in /usr/local/bin that does whatever you need it to.
Make sure it works when root executes it - doesn't have to work for
mere mortals.
- Add a line to /etc/sudoers that allows user X to execute that script
as root *without* having to supply a password:
<usernameX> <hostname> = NOPASSWD: /usr/local/bin/yourscript
Make sure that there aren't any "holes" in your script:
- Avoid command line parameters if possible
- Early in the script set the PATH and IFS variables to known values
- Don't use e.g. "#!/usr/bin/env interpreter", but go straight to
"#!/usr/bin/interpreter"
And educate user X about the dangers and enforce any rules you lay down:
cracking user X's account will now allow the black hats to execute
/usr/local/bin/yourscript as root...
As far as I can see, this would satisfy your needs - but be sure that
you understand the security implications.
HTH
--
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
Linux: the choice of a GNU generation
-- ksh@cis.ufl.edu put this on Tshirts in '93
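A wrapper script written to the three rules Karl lists (fixed interpreter, PATH and IFS pinned early, no command line parameters), as an added example that is not from the thread; the name /usr/local/bin/yourscript, the /mnt/cdrom target and the fstab entry it relies on are assumptions. The matching sudoers line sits in the header comment, with "" appended so sudo refuses any arguments.

```shell
#!/bin/sh
# /usr/local/bin/yourscript (hypothetical name, constructed example)
# Fixed interpreter path on purpose: "#!/usr/bin/env sh" would let the
# caller's PATH decide which interpreter runs as root.
#
# Matching /etc/sudoers entry; the trailing "" means "no arguments allowed":
#   <usernameX> <hostname> = NOPASSWD: /usr/local/bin/yourscript ""

# Pin PATH and IFS before anything else runs, so nothing the caller
# inherited into the environment can steer which binaries get executed
# or how words get split.
PATH=/usr/bin:/bin:/usr/sbin:/sbin
export PATH
IFS=$(printf ' \t\nx'); IFS=${IFS%x}   # space, tab, newline; the x keeps printf's newline

# The one thing this script does. Hard-coded, never taken from "$@".
MOUNTPOINT=/mnt/cdrom                   # constructed target, assumed to be in /etc/fstab

# Succeeds only when no arguments were passed (defence in depth next to
# the "" in sudoers).
check_no_args() {
    [ "$#" -eq 0 ]
}

# Succeeds only for the single fixed target, so a later edit that starts
# passing a parameter through still cannot reach an arbitrary path.
allowed_target() {
    case "$1" in
        "$MOUNTPOINT") return 0 ;;
        *)             return 1 ;;
    esac
}

# Reports whether the environment really is the pinned one.
env_is_pinned() {
    [ "$PATH" = "/usr/bin:/bin:/usr/sbin:/sbin" ] && [ "${#IFS}" -eq 3 ]
}

main() {
    check_no_args "$@" || { echo "yourscript: no arguments accepted" >&2; exit 1; }
    env_is_pinned       || { echo "yourscript: environment not pinned" >&2; exit 1; }
    [ "$(id -u)" -eq 0 ] || { echo "yourscript: run me via sudo" >&2; exit 1; }
    allowed_target "$MOUNTPOINT" || exit 1
    exec mount "$MOUNTPOINT"            # absolute PATH above decides which mount this is
}

# Only act when executed as the installed script, never when sourced.
case "$0" in
    */yourscript|yourscript) main "$@" ;;
esac
```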