On 05/12/2019 09:24, Carlos E. R. wrote:
I thought that sudoers do not allow scripts, only binaries. Other people can alter the script and thus access any command. Security hole.
SUDO is a raft of security holes. So is SU So is PAM The whole setuid concept is security tunnel. There are many hi-risk situations like biological virus research labs were something akin to this would never be allowed. We'd be talking "Andromeda Strain" extinction event! https://en.wikipedia.org/wiki/Extraterrestrial_sample_curation But this is what the Gods of UNIX handed down to us and this is what we have to live with. Of you don't like it you can remove SUDO (and SU). If you really don't like it you can patch the kernel so that setuid can't happen. Category 5 containment. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org