list management

Emil Isberg emil.isberg at mds.mdh.se
Wed Dec 11 06:37:55 EST 2002


On Wed, 11 Dec 2002 mlh at zip.com.au wrote:
>Sudo is always an alternative to a setuid program.

Yes, sudo is an alternative to a setuid application, but not that good a one
when it comes to noninteractive programs.

And I generally dislike scripts that are run from webpages...
Seldom do I see proper security in those...
(There are many reasons why you can't do setuid scripts in modern
operating systems.)

If you follow a simple guideline like KISS (keep it simple, stupid) then
it is much easier to get proper security without lacking needed
functionality.

I think sudo is great, of course I do... And I use it for most things I can
think of...

A sudo configuration similar to that program would give:

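prompt$ cat script1
#! /bin/sh

# Both arguments are required; fail with a non-zero status otherwise.
[ -z "$1" -o -z "$2" ] && echo 'Usage: script1 <alias> <target>' && exit 1

# Hand off to the privileged script through sudo.
exec sudo /path/to/script2 "$1" "$2"
prompt$ cat script2
#! /bin/sh

# Runs as root via sudo; both arguments are required.
[ -z "$1" -o -z "$2" ] && echo 'Usage: script2 <alias> <target>' && exit 1

# Append the new entry and rebuild the alias database.
echo "$1":	"$2" >> /path/to/aliasfile
newaliases
prompt$ cat sudoconfig
nobody	ALL = (root) /path/to/script2
prompt$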

It's still simple... But there are three processes involved instead of one.
Or perhaps you could use just two processes (by skipping the first
script)...

Most times there is more than one solution to a given problem.
I suggested two solutions that didn't involve sudo... And now I've
supplied one that does involve sudo...

-- 
Your program is sick!  Shoot it and put it out of its memory.
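
Added example, not part of the original message: script2 runs as root on arguments supplied by the caller, and the aliases file gives special meaning to targets that begin with `|`, `/` or `:include:`, so a helper like it would allow-list both arguments before appending. The function names and the permitted character sets are assumptions for illustration.

```sh
#!/bin/sh
# Added example: argument checks for a root-run helper such as script2.
# Function names and the allowed character sets are assumptions.
LC_ALL=C; export LC_ALL   # make the [A-Z]-style ranges byte-exact

# Alias name: alphanumeric first character, then letters, digits, . _ -
valid_alias() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Target: one plain address (user or user@host). The allow-list excludes
# whitespace, newlines, commas, quotes and leading '|', '/' or ':'.
valid_target() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._@+-]*|*@*@*) return 1 ;;
    esac
}

# alias_exists NAME FILE: case-insensitive match on the text before ':'
alias_exists() {
    awk -F: -v a="$1" '
        { n = $1; gsub(/[ \t]/, "", n); if (tolower(n) == tolower(a)) f = 1 }
        END { exit !f }' "$2"
}

# add_alias NAME TARGET FILE: append only if every check passes
add_alias() {
    valid_alias "$1"  || { echo "rejected alias name" >&2; return 1; }
    valid_target "$2" || { echo "rejected target" >&2; return 1; }
    if [ -f "$3" ] && alias_exists "$1" "$3"; then
        echo "alias already defined" >&2; return 1
    fi
    printf '%s:\t%s\n' "$1" "$2" >> "$3"
}

# Constructed demo against a scratch file, not the real alias file.
demo=$(mktemp) || exit 1
add_alias webteam alice@example.org "$demo" && echo "accepted webteam"
add_alias logs '|/usr/bin/logger' "$demo"   || echo "refused logs"
add_alias WebTeam bob "$demo"               || echo "refused duplicate"
rm -f "$demo"
```

In script2 the two unchecked lines would become `add_alias "$1" "$2" /path/to/aliasfile && newaliases`, so the database is rebuilt only after a validated append.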




More information about the sudo-users mailing list