[hangar18-general] Q: A question of security vulnerability

Thomas Shaddack shaddack at ns.arachne.cz
Sat May 10 02:16:11 PDT 2003


On Fri, 9 May 2003, Wayne Walker wrote:
> Bottom line, if you give someone sudo access you should trust them to
> be root, OR you should only allow them to run very specific
> _scripts/binaries_ that you wrote for them specifically (e.g.
> chown_files_to_others_in_his_primary_group, restart_lpd,
> restart_httpd...)  And here you still have to be careful about these
> programs....

For a limited set of specific tasks, there is a workaround. Have a
directory to which the user has write access, have a script run every
minute or every 5 minutes or so from crontab that checks if there is a
file with specified name there, and if so, do an action and erase the
file.

I solved the problem when one of our programmers needed to occasionally
restart Apache to which he did not have the rights. Instead of messing
with sudo and taking the risk, he now just has to do "touch
/var/cmd/apacherestart" and in the next couple of minutes it gets done.

This trick can be used even for passing commands, which then can be put
into the file (echo "commands" > /var/cmd/whatevercommandfile) and the
script then reads them from there (and checks the syntactical validity
of the arguments to prevent eventual attack through this route).

Should be bulletproof.
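
The cron-polled request directory described in this message, sketched as an added example that is not part of the original post. The script path, the second request file name (apachectl), the allowlisted apachectl arguments and the DRY_RUN switch are assumptions; only /var/cmd/apacherestart comes from the message.

```shell
#!/bin/sh
# Root-owned cron poller for a user-writable request directory (added example).
# Crontab line (assumed path): * * * * * /usr/local/sbin/cmdspool run
SPOOL=${SPOOL:-/var/cmd}

# Map (file name, first line) to a fixed command. File content only selects
# among known values; it is never evaluated or passed to a shell.
action_for() {
    case "$1:$2" in
        apacherestart:)       echo "apachectl restart" ;;    # plain touch
        apachectl:graceful)   echo "apachectl graceful" ;;
        apachectl:configtest) echo "apachectl configtest" ;;
        *)                    return 1 ;;
    esac
}

process_spool() {
    for name in apacherestart apachectl; do
        path="$SPOOL/$name"
        [ -e "$path" ] || [ -L "$path" ] || continue
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            # Symlink, FIFO, directory, device: discard without reading.
            rm -f "$path" 2>/dev/null || :
            echo "cmdspool: dropped non-regular request $name" >&2
            continue
        fi
        # Bounded read: at most 64 bytes, first line only.
        line=$(head -c 64 "$path" | head -n 1)
        rm -f "$path"            # consume the request before acting on it
        if cmd=$(action_for "$name" "$line"); then
            # $cmd is one of the fixed strings above, so splitting is safe.
            if [ -n "${DRY_RUN:-}" ]; then echo "$cmd"; else $cmd; fi
        else
            # Do not echo the rejected content: it is user-controlled.
            echo "cmdspool: rejected request in $name" >&2
        fi
    done
}

if [ "${1:-}" = run ]; then process_spool; fi
```

Setting DRY_RUN=1 makes the poller print the command it selected instead of running it, which is how the validation can be exercised without touching Apache.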




