On 2019/12/05 06:24, Carlos E. R. wrote:
I thought that sudoers do not allow scripts, only binaries. Other people can alter the script and thus access any command. Security hole.
--- Whoever says sudo can execute script 'X' ensures it is only writeable or changeable by authorized users -- same issue that exists for binaries. I.e. I can put a fake /usr/bin/cp in place if 'cp' is writeable in /usr/bin. If it is not, then wouldn't it be a safe place to put a r+x script as well? I think you are confusing "setuid" being safe or not with scripts. Historically, that hasn't been safe on all OS's, because the OS invokes another program and then hands the name to it, there being a split between access check and privilege usage. I don't know if linux does it or not, but if the script's file-handle is passed to the interpreter instead, I believe that is supposed to be safe, but I wouldn't assume that is done anywhere until it was tested. I'd tend toward thinking it doesn't work since a program would have to be able to accept either a filename or file-handle to have that work. -l -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org