sudo is actually almost never secure. As you imply, with line 1 bob can do _anything_ just like line 2.
Here are some more less obvious examples where bob can do _anything_
1. bob pine
2. bob vi
3. bob chown
4. bob chmod
With any of the 4 above, bob can do anything. With 1 or 2, bob can run any command from within the program (! is allowed in vi, and if you set $EDITOR to vi before running pine...)
In 3 and 4, bob can make setuid programs or change perms on /etc and put his own passwd/shadow files in place.
Bottom line, if you give someone sudo access you should trust them to be root, OR you should only allow them to run very specific _scripts/binaries_ that you wrote for them specifically (e.g. chown_files_to_others_in_his_primary_group, restart_lpd, restart_httpd...)
And here you still have to be careful about these programs....
On Thu, May 08, 2003 at 09:34:15PM -0500, Jim Choate wrote:
Given a basic Linux (or *nix) system with a user bob. Assume that bob has sudo capability. There are two approaches (I'm not going to use exact syntax):
1. bob sh
2. bob All
So, in the first case bob can: sudo sh -c "foo"
and in the second bob can: sudo foo
Why would the first approach represent a more secure mechanism?
It is true that sh could be a wrapper or have sticky bits, etc. We'll assume these are not an issue. The point being why is running a program directly as root in this manner less secure than running the program through a shell as root?
Example? Explanation?
Thanks.
-- ____________________________________________________________________
We are all interested in the future for that is where you and I are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space"
ravage@ssz.com jchoate@open-forge.org www.ssz.com www.open-forge.org --------------------------------------------------------------------
-- Wayne Walker www.broadq.com :) Bringing digital video and audio to the living room
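
An added example, not part of either message: a small Python audit that flags sudoers grants naming the commands the reply calls root-equivalent (sh, ALL, pine, vi, chown, chmod). The sample sudoers text and the install paths in it are constructed, and the parser is a simplification that assumes no aliases, line continuations or escaped commas.

```python
import os
import re

# Commands the reply above treats as equivalent to full root, and why.
ROOT_EQUIVALENT = {
    "ALL": "any command as root",
    "sh": "root shell runs any command",
    "vi": "shell escape (!) from inside the editor",
    "pine": "starts $EDITOR, which the user can set to vi",
    "chown": "can take ownership of /etc and system files",
    "chmod": "can create setuid programs or open up /etc",
}

# Simplified user spec: user host = [(runas)] [TAG:] cmd, cmd, ...
SPEC = re.compile(r"^(?P<user>[^\s#]+)\s+\S+?\s*=\s*(?P<cmds>.+)$")
SKIP = ("#", "Defaults", "User_Alias", "Host_Alias", "Cmnd_Alias", "Runas_Alias")

def audit_sudoers(text):
    """Return (user, command, reason) for each root-equivalent grant."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = SPEC.match(line)
        if not m or line.startswith(SKIP):
            continue
        for cmd in m.group("cmds").split(","):
            # Drop a leading (runas) spec and tags such as NOPASSWD:
            # (assumption: the runas target is ignored and treated as root).
            cmd = re.sub(r"^\s*(\([^)]*\)\s*)?([A-Z_]+:\s*)*", "", cmd).strip()
            if not cmd or cmd.startswith("!"):
                continue  # empty entry or a negated command
            name = os.path.basename(cmd.split()[0])
            if name in ROOT_EQUIVALENT:
                findings.append((m.group("user"), cmd, ROOT_EQUIVALENT[name]))
    return findings

# Constructed sample, not taken from a real system.
SAMPLE = """\
Defaults env_reset
bob    ALL=(ALL) /bin/sh
carol  ALL=(root) NOPASSWD: /usr/bin/vi /etc/hosts, /bin/chown
dave   ALL=/usr/local/sbin/restart_lpd, /usr/local/sbin/restart_httpd
erin   ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for user, cmd, reason in audit_sudoers(SAMPLE):
        print(f"{user}: {cmd!r} -> {reason}")
```

dave's purpose-built wrapper scripts are not flagged by name, which matches the reply's advice, but the script contents still need their own review.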