Errm. I was referring to the *user* 'emerge' - I wasn't aware you can
use su to execute binaries. sudo, yes, but su? 'sudo su emerge' would
cause sudo to run su with the command line parameter 'emerge' which
can only be a username - rather than hand sudo two executable names,
right?
But if you're paranoid, you could likely require the path to emerge in
sudoers, so that it'd have to be
'sudo su /usr/bin/emerge' - or possibly just that it'd only accept
running emerge if the actual emerge binary being suggested for running
is the one in /usr/bin. Since you don't have direct accidental access
to that as either considered user, it's not a risk.

Again with the calling me undercaffeinated if I'm missing something.

But as to the being bad, I don't see how it's not an entirely moot point.

You give them root access one way or the other, be it directly, or
indirectly quite simply because you allow them full access to the
filesystem through emerge - you have to, or emerge wouldn't work. If
they wanted to be bad, they could do what they wanted anyhow - say,
make a portage package that'd have the added feature of also mailing
them the password shadow file.

If this needs to work, and cleanly, it needs to be authentication
within emerge, as far as I can see.

--Bart Alewijnse

--
gentoo-security@g.o mailing list