| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Bart Alewijnse wrote: |
| 5 |
| Errm. I was referring to the *user* 'emerge' - I wasn't aware you can |
| 6 |
| use su to execute binaries. sudo, yes, but su? 'sudo su emerge' would |
| 7 |
| cause sudo to run su with the command line parameter 'emerge' which |
| 8 |
| can only be a username - rather than hand sudo two executable names, |
| 9 |
| right? |
| 10 |
| But if you're paranoid, you could likely require the path to emerge in |
| 11 |
| sudoers, so that it'd have to be |
| 12 |
| 'sudo su /usr/bin/emerge' - or possibly just that it'd only accept |
| 13 |
| running emerge if the actual emerge binary being suggested for running |
| 14 |
| is the one in /usr/bin. Since you don't have direct accidental access |
| 15 |
| to that as either considered user, it's not a risk. |
| 16 |
| |
| 17 |
Yes, su can run commands with the -c option. So 'su root -c "rm -rf /"' |
| 18 |
would blow away your system. However, in your example you don't have |
| 19 |
the -c so it would only switch to user emerge. Also as you said they |
| 20 |
would need root access at some point to install packages. |
| 21 |
|
| 22 |
What about a chrooted environment? I've not tested this, but what if |
| 23 |
someone set up some sym links to everything else, but made their own |
| 24 |
/usr/bin dir with a copy of vim? Could that get around sudo's simple |
| 25 |
path checking? |
| 26 |
|
| 27 |
- -- |
| 28 |
Greg Watson |
| 29 |
Security and Technology Manager |
| 30 |
-----BEGIN PGP SIGNATURE----- |
| 31 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 32 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 33 |
|
| 34 |
iD8DBQFBCR65ij88q5/ZVdIRAn20AJ9VwdWpriEwSxIS2e7NJWsXhxYsuACfTU4n |
| 35 |
gDtVUhHW8ZfOiuNHTYtdPvw= |
| 36 |
=grjt |
| 37 |
-----END PGP SIGNATURE----- |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-security@g.o mailing list |
Archives