Re: Sudo from scripts

On Tue, 2008-11-18 at 03:16 +0000, g wrote:
> Patrick O'Callaghan wrote:
> 
> > You can do that if you're root. Otherwise you can't. You can do lots of
> > idiotic things as root. What's your point?
> 
> in jerry's comment;
>  'Giving root ownership to a script IMHO is a security issue.'
> led me to believe that ability to do so by normal user was still unchanged.

The ability to do what? Give root ownership to a script? It is
unchanged. Once again: only root can change ownership.

In any case, the owner of the script is only security-relevant in two
cases: 1) if it allows someone to edit the script who normally couldn't,
or 2) if the script is setuid. Of course it could also change who can
*execute* the script, but if it's not setuid they'll be doing it as
themselves, not as the owner.

> having read 'chown(2)' and trying it to see just what occurred, now shows
> me that it has been changed.

What exactly has changed?

> i had hopes that it would be corrected, i have never checked or tried to
> do so. as i have never had reason to do, because if i ever need to do
> something of 'root' level, i have always changed to 'root'.

Meaning you'll be running scripts as root, same as everyone. The only
difference is that you have to supply the root password to get there.
Once past that hurdle, the situation is exactly the same as using
setuid.

poc
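
An added example, not part of the original message: a small POSIX shell check for the two conditions named above under which a script's ownership and mode matter, namely write access for users other than the owner, and the setuid bit. The function names `has_mode` and `script_risk` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Flags the two cases in which a
# file's owner/mode is security-relevant:
#   1) someone other than the owner can edit it (group/world writable)
#   2) it is setuid, so it would run as its owner
# Note: Linux ignores the setuid bit on '#!' scripts, so case 2 in
# practice identifies setuid binaries and wrappers.

# has_mode FILE MODE: succeeds if every bit in octal MODE is set on FILE.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# script_risk FILE: prints a space-separated list of findings,
# "ok" if there are none, or "missing" if FILE is not a regular file.
script_risk() {
    f=$1
    out=""
    if [ ! -f "$f" ]; then
        echo "missing"
        return 1
    fi
    if has_mode "$f" 4000; then out="$out setuid"; fi
    if has_mode "$f" 0020; then out="$out group-writable"; fi
    if has_mode "$f" 0002; then out="$out world-writable"; fi
    out=${out# }
    echo "${out:-ok}"
}

# When run with file arguments, report each one, e.g.:
#   sh script_risk.sh /usr/local/bin/*.sh
for path in "$@"; do
    printf '%s: %s\n' "$path" "$(script_risk "$path")"
done
```
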