Q: A question of security vulnerability
Jim Choate
ravage at einstein.ssz.com
Thu May 8 19:34:15 PDT 2003
Given a basic Linux (or *nix) system with a user bob. Assume that bob has
sudo capability. There are two approaches (I'm not going to use exact
syntax):
1. bob sh
2. bob All
So, in the first case bob can: sudo sh -c "foo"
and in the second bob can: sudo foo
Why would the first approach represent a more secure mechanism?
It is true that sh could be a wrapper or have sticky bits, etc. We'll
assume these are not an issue. The point being why is running a program
directly as root in this manner less secure than running the program
through a shell as root?
Example? Explanation?
Thanks.
--
____________________________________________________________________
We are all interested in the future for that is where you and I
are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space"
ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------
More information about the cypherpunks-legacy
mailing list