Michael Schwarz wrote:
The problem with that approach is that it opens up the applications in
question to *any parameters* unlike the setuid C program which hardcodes the
parameters to the commands.
Take a look at the man page for sudo. It can limit which parameters can
be used. You can restrict it so that they can not execute commands with
arbitrary arguments.
Michael
-
To unsubscribe from this list: send the line "unsubscribe linux-raid" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
