1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Bart Alewijnse wrote: |
5 |
| Errm. I was referring to the *user* 'emerge' - I wasn't aware you can |
6 |
| use su to execute binaries. sudo, yes, but su? 'sudo su emerge' would |
7 |
| cause sudo to run su with the command line parameter 'emerge' which |
8 |
| can only be a username - rather than hand sudo two executable names, |
9 |
| right? |
10 |
| But if you're paranoid, you could likely require the path to emerge in |
11 |
| sudoers, so that it'd have to be |
12 |
| 'sudo su /usr/bin/emerge' - or possibly just that it'd only accept |
13 |
| running emerge if the actual emerge binary being suggested for running |
14 |
| is the one in /usr/bin. Since you don't have direct accidental access |
15 |
| to that as either considered user, it's not a risk. |
16 |
| |
17 |
Yes, su can run commands with the -c option. So 'su root -c "rm -rf /"' |
18 |
would blow away your system. However, in your example you don't have |
19 |
the -c so it would only switch to user emerge. Also as you said they |
20 |
would need root access at some point to install packages. |
21 |
|
22 |
What about a chrooted environment? I've not tested this, but what if |
23 |
someone set up some sym links to everything else, but made their own |
24 |
/usr/bin dir with a copy of vim? Could that get around sudo's simple |
25 |
path checking? |
26 |
|
27 |
- -- |
28 |
Greg Watson |
29 |
Security and Technology Manager |
30 |
-----BEGIN PGP SIGNATURE----- |
31 |
Version: GnuPG v1.2.4 (GNU/Linux) |
32 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
33 |
|
34 |
iD8DBQFBCR65ij88q5/ZVdIRAn20AJ9VwdWpriEwSxIS2e7NJWsXhxYsuACfTU4n |
35 |
gDtVUhHW8ZfOiuNHTYtdPvw= |
36 |
=grjt |
37 |
-----END PGP SIGNATURE----- |
38 |
|
39 |
-- |
40 |
gentoo-security@g.o mailing list |