Do I understand sudo correctly?

eric forgette forgettee at DOMRES.COM
Wed Feb 23 14:32:21 EST 2000

	First, I'd like to apologize to the list moderator for starting this
	Second, some email tends to be misinterpreted on occasion, as it can
not portray tone as speech can.  I don't mean this email to sound defensive,
or harsh, this is just information...
	Third, I'm not a security expert by any means, but I'll do my best
to address this (as concise as possible)

	Basically, not setting user set-id / allowing a sudo user to execute
a script as root is straight out of the Admin's Bible.
	Although most admins wouldn't call their scripts 'quick hacks' : ) ,
there is some inherent risk in allowing scripts to run as root.  You have
hit on the main issue in your question.  Basically if the author of the
script doesn't supply full paths to executables, handle errors correctly,
redefine path in the env, etc... he/she is asking for trouble.  These are
just basic things, I'm sure more seasoned admins can tell you more.  I guess
what it comes down to is, who is who knows more... the author of the
particular script or the hacker who is trying to abuse it.

	You may want to consider setting up aliases to simplify things for
the Teachers... or challenge them to learn...


	From:	Chris Hobbs at chobbs on 02/23/2000 09:50 AM

	To:	sudo-users at at SMTP@Exchange

	Subject:	Re: Do I understand sudo correctly?

	Eric's solution was certainly clever - I didn't realize that you
could be
	that finegrained with the aliasing. As my student ID's all start
with the
	same three digit block, this could actually work for us. 

	My problem is that there are several tasks that must be done for a
	student, and three for just changing a password (passwd, smbpasswd,
	the NIS maps). My concern is that if I don't make it relatively easy
	the teachers to do this, they'll screw it up :-)

	I guess my question is, on what basis do people feel that scripts
	inherently more dangerous than other programs? Is it because they're
	usually just quick hacks where security is an afterthought at best?
	seems this doesn't _have_ to be an issue with a well thought out
	Logging can be done from within the script as well - Matthew had a
	point there.

	I certainly don't mean to call out Eric, who brought up this issue.
I had a
	long discussion on IRC the other night about this as well, and I'm
afraid I
	just don't understand the fear. 


	Matthew Hannigan wrote:
	> Chris,
	> I agree with Eric.   Not only is easier to secure, the logs
	> are more precise.
	> If you can't use the patterns as Eric suggested, then write
	> a minimal wrapper that just makes sure that the uid is not
	> root or bin say, or that the UID is in a particular range.
	> (e.g. greater than 100).  These wrappers should have a
	> 1-1 correspondence to the real programs.
	> Regards,
	>         -Matt
	> eric_forgette at on 22/02/2000 21:27:00
	> To: at
	> cc:     sudo-users at (bcc: Matthew
	> Subject:        Re: Do I understand sudo correctly?
	> Hey Chris.
	>      I don't suggest ever giving someone super user access to run
	> script, too
	> big of a security hole.
	> If you get creative with the students' user names, you wont need a
	> script.  If
	> you start your student's user names with stud, you could allow
	> teachers to
	> use the following alias:
	> Cmnd_Alias      UNIXPASS=/usr/bin/passwd stud????
	> Cmnd_Alias      SAMBAPASS=/usr/bin/smbpasswd stud????
	> They could then do...
	> sudo passwd studmary
	Chris Hobbs       Silver Valley Unified School District
	Head geek:              Technology Services Coordinator
	postmaster:               chobbs at
	PGP Key is available:

More information about the sudo-users mailing list