[sudo-users] How to preserve functions in scripts for calling by sudo?
L. A. Walsh
sudo at tlinx.org
Fri Jun 2 15:10:10 MDT 2017
Todd C. Miller wrote:
> On Fri, 02 Jun 2017 02:01:59 -0700, "L. A. Walsh" wrote:
>> Unfortunately, it seems sudo is removing all of the
>> functions passed in the environment even though I have
>> !env_reset in my config file.
>> How do I allow root to run the functions in my script without having
>> to run as root all-the-time when the script is running.
>> Seems like requiring root to be used all the time rather than for
>> a few tightly controlled functions is considerably more risky.
> Currently, sudo always strips out bash functions from the environment
> even when env_reset is disabled.
> When env_reset is *not* disabled, you can add specific bash functions
> to the env_keep list.
Why would sudo not allow functions to be kept via the env_keep
list, when the user specifies that they don't want to env to be
reset in the first place?
But major problem -- having to list all the functions used in
every shell script used to manage the system seems excessively onerous.
(Note: I am going to split this note, as its getting way too long).
As one example: I develop several functions that can be read
in via an 'include' (not the builtin 'source') that, will
accept a path relative to the system PATH and find it (it
also ignores attempts to include a module twice as some
modules 'include' other modules). Most of those modules
are only usable by calling the function inside them.
So root could continue to run the scripts that manage my system,
I wrote 'Needroot.shh' (akin to using heavy explosives to
kill a fly). How else were scripts to run their functions when
they were disabled by sudo? Overnight, the codebase went from
~100 lines of sensitive code (or attack surface) to *thousands*
of lines of such code.
So now, I've no way to call most of the library functions
as root unless I run the whole program as root. It seems
others have a different measure of security than I do.
It's bad enough for my use, but when distributing them,
some will point out that I should elevate the code
where needed rather than for the whole program. Running
the whole program as root is asking for problems -- especially
in development. ... (more later)...
More information about the sudo-users