chmod wrapper

bmonroe bmonroe at zipcon.net
Mon Mar 29 17:28:18 EST 2004


Bob,

> > Cmnd_Alias      FILE_MOD =      /usr/bin/chgrp

> I assume you meant chmod in both of the above and the chgrp is an
> error?  Assuming that I will continue.

Yes indeed that was an error on my part...wasn't looking what I was
copying and pasting.

> It seems very dangerous in general to me, because I don't know what
> you are trying to do, to allow chmod as root as a general case.  I
> think sudo access to chmod extremely bad.  I can think of any number
> of ways to expoit it.  But if you were going to allow it should be
> just what you want.

Yes, I understand the risk involved.  I need our developers to be able to
modify file permissions but not be able to turn on set-uig or set-gid bit.
Unfortunately it is not for me to decide the level of security they get.
:( They wrote crappy code and I'm the one that needs to massage the
security to fit their needs.  Anyway, I digress.  On the bright side, if
you saw what it was before sudo was implemented, you would probably either
choke in disgust or laugh your head off (they had root and umask was 000).

> If I can fool your ! patterns then I can sneak through.  I don't know
> if there are holes there but it seems a prime target.  Leading zeros
> come to mind, it is an octal number after all.  I will propose that
> any particular allow-all-except-pattern will have weaknesses to be
> exploited except in the case that you are very careful.

I agree but alas, their voices are louder then mine. :(

Thanks
--Brett



More information about the sudo-workers mailing list