Bugtraq mailing list archives
Re: [ESA-20010711-02] sudo elevated privileges vulnerability
From: Steffen Dettmer <steffen () dett de>
Date: Tue, 17 Jul 2001 11:40:26 +0200
* Jonathan A. Zdziarski wrote on Mon, Jul 16, 2001 at 12:04 -0400:
> If, however, you are looking for a good way to allow someone to edit files using sudo, and have already rejected the idea of using groups or acls, consider 'elvis'.
When you have a file writeable by root only, there's no need to run the whole edit session as sudo root. You could create some wrapper, which gets the file from a special non-privileged user and puts it - after some consistency checks - at the right place. Of course the file must not be a symlink and so on. By this, the wrapper can do a diff -u and mail the result to root if desired.

I cannot understand why people run complex programs as root if they need the privilege for a few system calls only!

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
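The wrapper approach described in the message above, as an added example that is not part of the original post: only this small program would run as root, while the editor runs as the unprivileged user. The names `read_staged` and `install`, the `check` callback and the 1 MiB limit are assumptions made for illustration; the returned diff is what the wrapper could mail to root.

```python
import difflib
import os
import stat
import tempfile

MAX_SIZE = 1 << 20  # constructed limit for this example


def read_staged(path, owner_uid):
    """Open the staged file without following symlinks; vet the open inode."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)  # checks apply to the descriptor, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise ValueError("not a plain regular file")
        if st.st_uid != owner_uid:
            raise ValueError("unexpected owner")
        with open(fd, "rb", closefd=False) as f:
            data = f.read(MAX_SIZE + 1)
    finally:
        os.close(fd)
    if len(data) > MAX_SIZE:
        raise ValueError("staged file too large")
    return data


def install(staged, target, owner_uid, check):
    """Validate, then atomically replace target (its directory is assumed root-only)."""
    new = read_staged(staged, owner_uid)
    if not check(new):
        raise ValueError("consistency check failed")
    try:
        with open(target, "rb") as f:
            old = f.read()
    except FileNotFoundError:
        old = b""
    diff = "".join(difflib.unified_diff(
        old.decode(errors="replace").splitlines(keepends=True),
        new.decode(errors="replace").splitlines(keepends=True),
        fromfile=target, tofile=target + " (new)"))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target) or ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(new)
        os.chmod(tmp, 0o644)
        os.rename(tmp, target)  # atomic; replaces a symlink, never follows it
    except BaseException:
        os.unlink(tmp)
        raise
    return diff
```

The staged file is read once into memory and that same buffer is validated and written, so the unprivileged user cannot swap the content between the check and the install.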
Current thread:
- [ESA-20010711-02] sudo elevated privileges vulnerability EnGarde Secure Linux (Jul 11)
- Re: [ESA-20010711-02] sudo elevated privileges vulnerability Marlen Caemmerer (Jul 15)
- <Possible follow-ups>
- Re: [ESA-20010711-02] sudo elevated privileges vulnerability Jonathan A. Zdziarski (Jul 16)
- Re: [ESA-20010711-02] sudo elevated privileges vulnerability Steffen Dettmer (Jul 17)