[sudo-users] sudo from (CGI) scripts

Christoph Anton Mitterer calestyo at scientia.net
Sun Jan 8 11:10:29 EST 2012


sudo has already some nice options to have it run from (especially CGI) 
scripts (i.e. -"n")... imagine it would accidentally try to read a 
password and hang there for ever, allowing eventually a DoS attack via 
the webserver.

What I miss is a functionally to override the output in case of _any_ 
error (especially when a user is simply denied to do anything,.. not 
just because he entered a wrong password).
With CGI scripts this could be used to return some reasonable answer to 
the httpd server, e.g. something like:
"Status: 403 Forbidden\n\n" (following printf(3) format strings).

Could something like this be added?


More information about the sudo-users mailing list