
Re: Unexpected permission denied



On 26/01/2023 11:04, Greg Wooledge wrote:
> On Thu, Jan 26, 2023 at 10:26:34AM +0700, Max Nikulin wrote:
>> Greg, I agree with your warnings. Just out of curiosity, is there a reason
>> why the following variant may still be unsafe?
>>
>> runas() { local who=$1; shift; su --login "$who" --shell=/bin/bash --command='"$0" "$@"' -- "$@"; }
>
> 1) http://jdebp.info/FGA/dont-abuse-su-for-dropping-privileges.html

Greg, thank you for the link. Actually I use su namely to create a PAM session, e.g. to get a shell inside a container using "lxc-attach -n container ... -- su - user" (when there is no point in using ssh). setpriv is likely not an option in such a case. Mostly I use sudo. Sometimes I use the trick with positional arguments passed to "sh -c", but I have never combined it with su before.

> 3) --command='"$0" "$@"' is ... very unintuitive, even for an experienced
>    shell user.
> ...
>    su "$who" -c '"$@"' -- x "$@"

To get a meaningful command name in ps output, perhaps it is better to use something like

su "$who" -c '"$@"' -- su-bash "$@"

(or "su-$SHELL", though that still may not be precise). Repeating $1 is likely worse, since the process is the shell, not the passed command.

su "$who" -c '"$@"' -- "$1" "$@"

>    Can't say
>    I've ever seen su contortions like this before.

I have an idea of what should be referred to as a real abuse of su. Do not do it, it is just a joke. However, it allows one to avoid issues with spaces and other shell specials in arguments.

runas() { local who=$1; exe="$(type -P "$2")"; shift 2; su - "$who" -s "$exe" -- "$@"; }
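
The positional-argument forms discussed in this thread, compared side by side with plain `sh -c` standing in for `su "$who" -c ...` so that it runs without root. This is an added example, not part of the original message; the function names and the sample arguments are constructed for illustration.

```shell
#!/bin/sh
# sh -c stands in for `su "$who" -c CMD -- ARGS...` (assumption: su hands
# CMD and ARGS to the target shell as `shell -c CMD ARGS...`).

# Flattened: arguments are joined into the command string and re-parsed,
# so spaces split words and $(...) is expanded by the inner shell.
run_flattened() { sh -c "$*"; }

# Fixed command string plus placeholder: "su-sh" becomes $0 (the name the
# shell reports), everything after it arrives intact as "$@".
run_positional() { sh -c '"$@"' su-sh "$@"; }

# No placeholder: the command name itself lands in $0, so the fixed
# command string has to be '"$0" "$@"'.
run_dollar_zero() { sh -c '"$0" "$@"' "$@"; }

# Mistake: '"$@"' without a placeholder loses the command name to $0 and
# tries to execute the first argument instead.
run_no_placeholder() { sh -c '"$@"' "$@"; }

# Constructed sample: one argument with a space, one with shell specials.
demo() {
    for f in run_flattened run_positional run_dollar_zero; do
        printf '%-18s ' "$f"
        "$f" printf '%s,' 'two words' '$(echo injected)'
        echo
    done
    run_no_placeholder printf '%s,' 'two words' 2>/dev/null ||
        echo "run_no_placeholder exit status $?"
}
demo
```

Only the flattened form lets the inner shell re-interpret the arguments; the two positional forms deliver them byte for byte.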


