Re: [PATCH] config option for suid scripts

From: David Ford (david@kalifornia.com)
Date: Tue Jun 06 2000 - 14:50:57 EST


I think a better answer is a quick and painless 'sudo' setup. It fixes your
local problem in a minute, and doesn't require any patches.

Simply put a command alias in your sudoers for bash -c scriptname. Another
common solution, which is also terrible for security, is a wrapper that execs
$1 and has u+s.

I really hope this -doesn't- go into the kernel; too many people like turning
on everything they see and advertising their server as "fully functional".

-d
p.s. I'm politely saying "bad bad bad idea" over and over.

"Preston F. Crow Adv94" wrote:

> Jesse Pollard:
> >I hope this doesn't get into the kernel. This weakness is very very bad.
>
> That's why I made it a config option. In most cases, people won't
> turn it on; distributions certainly won't turn it on. However, for
> very limited situations, it can be quite useful.
>
> In my case, we were switching from Solaris to Linux, and Solaris allowed
> suid scripts. We used a bunch of them, so all that had to be fixed before
> the Linux version could run. With suid scripts, it would have run
> immediately, and we could have fixed the security later.
>
> And while it's probably foolish, we don't really care much about security
> inside the firewall. All the stuff we care about is on NFS, anyway, so
> there's not any real hope of security to begin with.
>
> I hope this does make it into the kernel. Most people will just leave
> it off.
>
> --PC
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/

--
"The difference between 'involvement' and 'commitment' is like an
eggs-and-ham breakfast: the chicken was 'involved' - the pig was
'committed'."



