Subject: Re: [email@example.com: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
To: Oleg Polyanski <Oleg.Polianski@clear.co.nz>
From: Rasputin <firstname.lastname@example.org>
Date: 04/26/2002 11:12:11
* Oleg Polyanski <Oleg.Polianski@clear.co.nz> [020426 10:04]:
> email@example.com (Greg A. Woods) writes:
> > A proper dedicated set-ID program that can't be mis-configured so
> > easily would be an almost infinitely better alternative than sudo.
> Would you ever consider making the `umount(8)' program set-ID only
> just to let somebody to unmount CD-ROM / floppy drive?
That's not a dedicated program though is it?
A dedicated program would be a hardcoded version called
[u]mountcd that only handled the cd drive; I can't see a problem with
Ok, admittedly I didn't look hard...