From owner-freebsd-stable  Sat Oct  7 13:51:39 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from rucus.ru.ac.za (rucus.ru.ac.za [146.231.29.2])
	by hub.freebsd.org (Postfix) with SMTP id 1E81D37B66D
	for <stable@freebsd.org>; Sat,  7 Oct 2000 13:51:35 -0700 (PDT)
Received: (qmail 31388 invoked by uid 1003); 7 Oct 2000 20:51:32 -0000
Date: Sat, 7 Oct 2000 22:51:32 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Chris BeHanna <behanna@zbzoom.net>
Cc: FreeBSD-Stable <stable@freebsd.org>,
	"David J. Kanter" <david.kanter@mindspring.com>
Subject: Re: Security problem with "script"?
Message-ID: <20001007225132.A29035@mithrandr.moria.org>
References: <200010071807.MAA01420@harmony.village.org> <Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org>; from behanna@zbzoom.net on Sat, Oct 07, 2000 at 04:41:13PM -0400
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 4.1-STABLE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat 2000-10-07 (16:41), Chris BeHanna wrote:
> > No.  script forks a shell.  sudo tells you to do that as root.  It is
> > merely complying.
> 
>     Er, wouldn't that give a user root access to do anything he or she
> wanted?

If you set up 'sudo' to let someone run 'script' as root, yes.  It has
nothing to do with 'script', it's the fact 'sudo' runs it as root.  For it
to do that, you need to set it up to do that.

Neil
-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message