| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Bart Alewijnse wrote: |
| 5 |
| gentoo-security@l.g.o |
| 6 |
| |
| 7 |
|
| 8 |
| *specific* users to su to *specific* other users. So I don't seen a |
| 9 |
| reason you couldn't make a 'sudo su emerge' work with a passwordless |
| 10 |
| emerge account. |
| 11 |
| |
| 12 |
|
| 13 |
There in lies the security hole for sudo. Lets say you wanted to be bad |
| 14 |
and copy vim 'cp vim emerge' and get that into your path. sudo will |
| 15 |
check the command 'sudo su emerge' and then give you a root vim. While |
| 16 |
there are some steps to prevent this such as sudo stripping some env |
| 17 |
vars before running, (man sudo, look at environment) it's still |
| 18 |
dangerous. Sudo has no way to tell that the vim named emerge isn't |
| 19 |
really emerge. You could try to enforce full paths such as |
| 20 |
/usr/bin/emerge in your sudoers file. Still is risky if you ask me. |
| 21 |
|
| 22 |
As for the touch -m 440, I wasn't awake and confused it with mkdir -m, |
| 23 |
where it sets the mode of the dir. In any event, +w gives you the |
| 24 |
ability to delete files/subdirs EVEN if you don't own/have perms to |
| 25 |
them. Also +x only allows you to change into it. Basic UNIX file |
| 26 |
permissions guys. |
| 27 |
|
| 28 |
- -- |
| 29 |
Greg Watson |
| 30 |
Security and Technology Manager |
| 31 |
-----BEGIN PGP SIGNATURE----- |
| 32 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 33 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 34 |
|
| 35 |
iD8DBQFBCRkuij88q5/ZVdIRAo04AJ9iQKBQ/fba7D3dxUVO4lcqLvmeWACeKmmZ |
| 36 |
Z38GDdBRF2Poyd9v5OxSNso= |
| 37 |
=Ql3s |
| 38 |
-----END PGP SIGNATURE----- |
| 39 |
|
| 40 |
-- |
| 41 |
gentoo-security@g.o mailing list |
Archives