| 1 |
Errm. I was referring to the *user* 'emerge' - I wasn't aware you can |
| 2 |
use su to execute binaries. sudo, yes, but su? 'sudo su emerge' would |
| 3 |
cause sudo to run su with the command line parameter 'emerge' which |
| 4 |
can only be a username - rather than hand sudo two executable names, |
| 5 |
right? |
| 6 |
But if you're paranoid, you could likely require the path to emerge in |
| 7 |
sudoers, so that it'd have to be |
| 8 |
'sudo su /usr/bin/emerge' - or possibly just that it'd only accept |
| 9 |
running emerge if the actual emerge binary being suggested for running |
| 10 |
is the one in /usr/bin. Since you don't have direct accidental access |
| 11 |
to that as either considered user, it's not a risk. |
| 12 |
|
| 13 |
Again with the calling me undercaffeinated if I'm missing something. |
| 14 |
|
| 15 |
But as to the being bad, I don't see how it's not an entirely moot point. |
| 16 |
|
| 17 |
You give them root access one way or the other, be it directly, or |
| 18 |
indirectly quite simply because you allow them full access to the |
| 19 |
filesystem through emerge - you have to, or emerge wouldn't work. If |
| 20 |
they wanted to be bad, they could do what they wanted anyhow - say, |
| 21 |
make a portage package that'd have the added featuer of also mailing |
| 22 |
them the password shadow file. |
| 23 |
|
| 24 |
If this needs to work, and cleanly, it needs to be authentication |
| 25 |
within emerge, as far as I can see. |
| 26 |
|
| 27 |
--Bart Alewijnse |
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-security@g.o mailing list |
Archives