Date: Sat, 7 Oct 2000 16:41:13 -0400 (EDT) From: Chris BeHanna <behanna@zbzoom.net> To: FreeBSD-Stable <stable@freebsd.org> Subject: Re: Security problem with "script"? Message-ID: <Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org> In-Reply-To: <200010071807.MAA01420@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 7 Oct 2000, Warner Losh wrote:
> In message <20001007031416.A1389@freebsd.mindspring.com> "David J. Kanter" writes:
> : I don't know if this is an issue or not, but using the script program with
> : sudo seems to switch the sudoer's id to root.
> :
> : Here's an example:
> :
> : david@/usr/src % whoami
> : david
> : david@/usr/src % sudo script /usr/tmp/buildworld
> : Script started, output file is /usr/tmp/buildworld
> : root@/usr/src % whoami
> : root
> : root@/usr/src %
> :
> : Is this a security problem?
>
> No. script forks a shell. sudo tells you to do that as root. It is
> merely complying.
Er, wouldn't that give a user root access to do anything he or she
wanted?
--
Chris BeHanna
Software Engineer (at yourfit.com)
behanna@zbzoom.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010071640460.7433-100000>