Date: Sat, 07 Oct 2000 12:07:39 -0600 From: Warner Losh <imp@village.org> To: "David J. Kanter" <david.kanter@mindspring.com> Cc: FreeBSD stable <freebsd-stable@FreeBSD.ORG> Subject: Re: Security problem with "script"? Message-ID: <200010071807.MAA01420@harmony.village.org> In-Reply-To: Your message of "Sat, 07 Oct 2000 03:14:16 CDT." <20001007031416.A1389@freebsd.mindspring.com> References: <20001007031416.A1389@freebsd.mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20001007031416.A1389@freebsd.mindspring.com> "David J. Kanter" writes: : I don't know if this is an issue or not, but using the script program with : sudo seems to switch the sudoer's id to root. : : Here's an example: : : david@/usr/src % whoami : david : david@/usr/src % sudo script /usr/tmp/buildworld : Script started, output file is /usr/tmp/buildworld : root@/usr/src % whoami : root : root@/usr/src % : : Is this a security problem? No. script forks a shell. sudo tells you to do that as root. It is merely complying. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010071807.MAA01420>