emil.isberg at mds.mdh.se
Wed Dec 11 06:37:55 EST 2002
On Wed, 11 Dec 2002 mlh at zip.com.au wrote:
>Sudo is always an alternative to a setuid program.
Yes, sudo is an alternative to a setuid application, but not that good one
when it comes to noninteractive programs.
And I generally dislike scripts that are run from webpages...
Seldom I see proper security in those...
(There are many reasons behind that you can't do setuid scripts in modern
If you follow a simple guideline like KISS (keep it simple, stupid) then
it is much easier to get proper security without lacking needed
I think sudo is great, ofcourse I do... And I use it for most things I can
A similar sudo configuration as that program would give:
prompt$ cat script1
[ -z "$1" -o -z "$1" ] && echo 'Usage: script1 <alias> <target>' && exit
exec sudo /path/to/script2 "$1" "$2"
prompt$ cat script2
[ -z "$1" -o -z "$1" ] && echo 'Usage: script2 <alias> <target>' && exit
echo "$1": "$2" >> /path/to/aliasfile
prompt$ cat sudoconfig
nobody ALL = (root) /path/to/script2
It's still simple... But it's three processes involved instead of one.
Or perhaps you could use just two processes (by skipping the first
Most times there is more than one solution to a given problem.
I suggested two solutions that didn't involve sudo... And now I've
supplied one that does involve sudo...
Your program is sick! Shoot it and put it out of its memory.
More information about the sudo-users