On Sat, 10 May 2003, Thomas Shaddack wrote:
For a limited set of specific tasks, there is a workaround. Have a directory to which the user has write access, have a script run every minute or every 5 minutes or so from crontab that checks if there is a file with specified name there, and if so, do an action and erase the file.
I solved the problem when one of our programmers needed to occassionally restart Apache to which he did not have the rights. Instead of messing with sudo and taking the risk, he now just has to do "touch /var/cmd/apacherestart" and in next couple minutes it gets done.
This trick can be used even for passing commands, which then can be put into the file (echo "commands" > /var/cmd/whatevercommandfile) and the script then reads them from there (and checks the syntactical validity of the arguments to prevent eventual attack through this route).
I've used that sort of approach as well. With regard to the sh wrapper I mentioned earlier, I like chroot for that sort of stuff. One approach is that when the user executes the sh -c the sh wrapper creates a well know chroot sequence and perhaps copies information from the live file system into the chroot jail. Let's the user makes modes, and when the "foo" command quits the script can then evaluate the results (for example greping for changes to itself in all files in the chroot jail. Assuming it looks ok it can cp the changes back to the live filesystem and away you go.
Should be bulletproof.
I -never- make that claim ;) -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage@ssz.com jchoate@open-forge.org www.ssz.com www.open-forge.org --------------------------------------------------------------------