1 |
Couldn't you just do: |
2 |
sudo su - emerge -c '/usr/bin/emerge' |
3 |
and then set up sudoers to only allow that command? |
4 |
|
5 |
On Thu, 2004-07-29 at 10:49, Bart Alewijnse wrote: |
6 |
> Errm. I was referring to the *user* 'emerge' - I wasn't aware you can |
7 |
> use su to execute binaries. sudo, yes, but su? 'sudo su emerge' would |
8 |
> cause sudo to run su with the command line parameter 'emerge' which |
9 |
> can only be a username - rather than hand sudo two executable names, |
10 |
> right? |
11 |
> But if you're paranoid, you could likely require the path to emerge in |
12 |
> sudoers, so that it'd have to be |
13 |
> 'sudo su /usr/bin/emerge' - or possibly just that it'd only accept |
14 |
> running emerge if the actual emerge binary being suggested for running |
15 |
> is the one in /usr/bin. Since you don't have direct accidental access |
16 |
> to that as either considered user, it's not a risk. |
17 |
> |
18 |
> Again with the calling me undercaffeinated if I'm missing something. |
19 |
> |
20 |
> But as to the being bad, I don't see how it's not an entirely moot point. |
21 |
> |
22 |
> You give them root access one way or the other, be it directly, or |
23 |
> indirectly quite simply because you allow them full access to the |
24 |
> filesystem through emerge - you have to, or emerge wouldn't work. If |
25 |
> they wanted to be bad, they could do what they wanted anyhow - say, |
26 |
> make a portage package that'd have the added featuer of also mailing |
27 |
> them the password shadow file. |
28 |
> |
29 |
> If this needs to work, and cleanly, it needs to be authentication |
30 |
> within emerge, as far as I can see. |
31 |
> |
32 |
> --Bart Alewijnse |
33 |
> |
34 |
> -- |
35 |
> gentoo-security@g.o mailing list |
36 |
-- |
37 |
Matthew Baxa <mbaxa@×××××××.edu> |
38 |
Applications Services Administrator |
39 |
K-State University Office of Mediated Education |
40 |
http://www.dce.ksu.edu |
41 |
|
42 |
Public key ID: 982330F8 |
43 |
Public key available at: www.keyserver.net |