Harald van Dijk wrote:
> On Sun, Nov 12, 2006 at 04:56:33AM -0500, Mike Frysinger wrote:
>> On 11/12/06, Harald van Dijk <truedfx@g.o> wrote:
>>> On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
>>>> On 11/12/06, Peter Volkov (pva) <pva@g.o> wrote:
>>>>> The possible solution is to add virtual/editor ebuild
>>>> this is a horrible idea
>>>>
>>>> why not modify sudo to not filter the EDITOR env var then there is no
>>>> more problem
>>> Except for a gaping security hole.
>> pulling a ciaranm here huh ? if a guy has access to `sudo`, then
>> having a modified environment isn't going to make much difference
>
> sudo can be configured to only allow access to a select few applications.
> Allowing arbitrary EDITOR settings completely bypasses this.
so force EDITOR to something "secure" (infra uses rvim) but really,
visudo, vipw, crontab.... these can all be exploited to gain root access
thus making it silly to try to prevent in these cases.

--
=======================================================
Mike Doty                      kingtaco -at- gentoo.org
Gentoo/AMD64 Strategic Lead
Gentoo Council
Gentoo Developer Relations
Gentoo Recruitment Lead
Gentoo Infrastructure
GPG: E1A5 1C9C 93FE F430 C1D6 F2AF 806B A2E4 19F4 AE05
=======================================================
--
gentoo-dev@g.o mailing list
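
The settings debated in this thread can be checked mechanically. The following is an added example, not part of the original message and not sudo's own code: a small Python audit that flags sudoers lines which pass the caller's editor variables through or grant the editor-launching commands named above. The option and tag names (env_reset, env_keep, env_editor, editor, SETENV) are sudo's; the sample file, user names and paths (including /usr/bin/rvim) are constructed, and the parser assumes one rule per line with no aliases.

```python
import re

# Variables that select the editor (names from sudo's documentation).
EDITOR_VARS = {"EDITOR", "VISUAL", "SUDO_EDITOR"}
# Commands the thread names as editor launchers that can lead to root.
EDITOR_LAUNCHERS = {"visudo", "vipw", "crontab"}

# Constructed sudoers text; users, hosts and paths are illustrative only.
SAMPLE = """\
Defaults env_reset
Defaults env_keep += "LANG EDITOR VISUAL"
Defaults env_editor
Defaults editor=/usr/bin/rvim, !env_editor
alice ALL = (root) /usr/sbin/visudo, /usr/bin/crontab -e
bob   ALL = (root) SETENV: /usr/bin/less /var/log/messages
"""

def audit_sudoers(text):
    """Return (line_number, finding) pairs in file order.

    Simplified: one rule per line, no continuations or aliases,
    and '#' always starts a comment.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line.startswith("Defaults"):
            if "!env_reset" in line:
                findings.append((number, "env_reset disabled"))
            kept = re.search(r'env_keep\s*\+?=\s*"?([^"]*)"?', line)
            names = set(kept.group(1).split()) if kept else set()
            for var in sorted(EDITOR_VARS & names):
                findings.append((number, f"env_keep passes {var}"))
            if re.search(r"(?<![!\w])env_editor\b", line):
                findings.append((number, "env_editor: visudo uses caller's editor"))
            continue
        if "SETENV:" in line.replace("NOSETENV:", ""):
            findings.append((number, "SETENV tag lets the caller set variables"))
        # Commands follow '='; drop the runas spec "(...)" and tags "TAG:".
        spec = re.sub(r"\([^)]*\)|\b[A-Z_]+:", " ", line.partition("=")[2])
        for cmd in spec.split(","):
            words = cmd.split()
            if words and words[0].rsplit("/", 1)[-1] in EDITOR_LAUNCHERS:
                findings.append((number, f"{words[0]} runs an editor as the target user"))
    return findings

if __name__ == "__main__":
    for number, finding in audit_sudoers(SAMPLE):
        print(f"line {number}: {finding}")
```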