[sudo-users] Checksum for executed scripts

Holger.vanKoll at swisscom.com Holger.vanKoll at swisscom.com
Tue Aug 20 08:38:58 MDT 2013


Like Todd already said, you can use SHA-2 digests.
However, that's not enough to prevent your DBA from gaining root privileges.
root.sh calls (among other scripts), for example, setowner.sh, which sources rootmacro.sh, and so on.
All of those scripts are normally writable by the oracle user, so he could put any command in that would be executed as root.


On Tue, Aug 20, 2013 at 8:20 AM, Oracle.Beratung at t-online.de < oracle.beratung at t-online.de> wrote:

> Hello,
>
> For some reasons I would like to have an MD5 checksum for scripts
> executed by sudo to be able to check that scripts executed via sudo
> but created by others contain what they have to contain.
>
> For example root.sh for Oracle installations.
>
> Because those scripts could be used as a backdoor to execute whatever 
> someone wants as root user to make himself a superuser.
>
> A checksum would be a nice feature to make this safer.
>
>
>
> Kind regards
> Gerald Röhrbein
> OraForecast.com the oh in Oracle
> Alter Fährberg 9
> 24814 Sehestedt
>
> Tel.: 0171 68 236 71
> Private: 04357 99583 76
> Fax: 04357 99583 79
>
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws> For list information, 
> options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
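
The limitation raised in the reply above (a digest on root.sh does not cover setowner.sh, rootmacro.sh and whatever else the chain pulls in) can be audited with a script like the following. This is an added example, not part of the thread or of sudo; the function names, `TRUSTED_UID` and the `.sh` token heuristic are assumptions, and GNU grep and find are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): heuristic audit of a script run via sudo
# and of every script it sources or calls, directly or indirectly.
# Assumptions: references are literal tokens ending in ".sh" (a deliberately
# broad match); relative ones are resolved against the referencing script's
# directory; paths built from variables are only reported, not followed.
TRUSTED_UID="${TRUSTED_UID:-0}"   # only this owner (root) may modify the chain

# Print the *.sh tokens found on non-comment lines of script $1.
script_refs() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE '[^[:space:];|&"'\''()]*\.sh' | sort -u
}

# Report $1 when it is not owned by TRUSTED_UID or is group/other-writable.
check_perms() {
    find -L "$1" -prune \( ! -user "$TRUSTED_UID" -o -perm -020 -o -perm -002 \) \
        -exec echo "UNSAFE $1" \;
}

# Breadth-first walk from entry script $1; the positional parameters are the queue.
audit_chain() {
    seen=" "
    set -- "$1"
    while [ "$#" -gt 0 ]; do
        f=$1; shift
        case "$seen" in *" $f "*) continue ;; esac
        seen="$seen$f "
        if [ ! -f "$f" ]; then echo "MISSING $f"; continue; fi
        dir=$(dirname "$f")
        check_perms "$f"
        check_perms "$dir"    # a writable directory allows replacing the file
        set -f                # keep tokens such as *.sh from globbing
        for ref in $(script_refs "$f"); do
            case "$ref" in
                *'$'*) echo "UNRESOLVED $ref (in $f)" ;;
                /*)    set -- "$@" "$ref" ;;
                *)     set -- "$@" "$dir/${ref#./}" ;;
            esac
        done
        set +f
    done
}

if [ "$#" -gt 0 ]; then audit_chain "$1"; fi
```

Any `UNSAFE` or `UNRESOLVED` line means the digest on the entry script alone does not pin what runs as root.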