1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Bart Alewijnse wrote: |
5 |
| gentoo-security@l.g.o |
6 |
| |
7 |
|
8 |
| *specific* users to su to *specific* other users. So I don't seen a |
9 |
| reason you couldn't make a 'sudo su emerge' work with a passwordless |
10 |
| emerge account. |
11 |
| |
12 |
|
13 |
There in lies the security hole for sudo. Lets say you wanted to be bad |
14 |
and copy vim 'cp vim emerge' and get that into your path. sudo will |
15 |
check the command 'sudo su emerge' and then give you a root vim. While |
16 |
there are some steps to prevent this such as sudo stripping some env |
17 |
vars before running, (man sudo, look at environment) it's still |
18 |
dangerous. Sudo has no way to tell that the vim named emerge isn't |
19 |
really emerge. You could try to enforce full paths such as |
20 |
/usr/bin/emerge in your sudoers file. Still is risky if you ask me. |
21 |
|
22 |
As for the touch -m 440, I wasn't awake and confused it with mkdir -m, |
23 |
where it sets the mode of the dir. In any event, +w gives you the |
24 |
ability to delete files/subdirs EVEN if you don't own/have perms to |
25 |
them. Also +x only allows you to change into it. Basic UNIX file |
26 |
permissions guys. |
27 |
|
28 |
- -- |
29 |
Greg Watson |
30 |
Security and Technology Manager |
31 |
-----BEGIN PGP SIGNATURE----- |
32 |
Version: GnuPG v1.2.4 (GNU/Linux) |
33 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
34 |
|
35 |
iD8DBQFBCRkuij88q5/ZVdIRAo04AJ9iQKBQ/fba7D3dxUVO4lcqLvmeWACeKmmZ |
36 |
Z38GDdBRF2Poyd9v5OxSNso= |
37 |
=Ql3s |
38 |
-----END PGP SIGNATURE----- |
39 |
|
40 |
-- |
41 |
gentoo-security@g.o mailing list |