[sudo-users] Running scripts under sudo (secure_path)
cbyhyh at yahoo.com
Tue Aug 24 04:52:45 EDT 2004
Shell scripts tend to contain many invokations of
programs which are located via the user's PATH.
If sudo is used to run shell scripts, the user could
create a script called (let's say) "ls" in their home
directory and add the home directory to the start of
their PATH. Then if the sudo-ed script contained an
"ls" command, the user's script would get executed
instead of /usr/bin/ls
Am I therefore correct in assuming that if you are
intending to run shell scripts via sudo that you MUST
compile sudo with the --with-secure-path option?
It seems too risky not to do this any command invoked
in a script without its full pathname could be
subverted by a user.
(Presumably this would also apply to a compiled
program which spawned a child via exec?p, popen or
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
More information about the sudo-users