Subject: Re: [firstname.lastname@example.org: [Global InterSec 2002041701] Sudo
To: Oleg Polyanski <Oleg.Polianski@clear.co.nz>
From: Greg A. Woods <email@example.com>
Date: 04/26/2002 19:01:33
[ On Friday, April 26, 2002 at 21:04:36 (+1200), Oleg Polyanski wrote: ]
> Subject: Re: [firstname.lastname@example.org: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
> email@example.com (Greg A. Woods) writes:
> > A proper dedicated set-ID program that can't be mis-configured so
> > easily would be an almost infinitely better alternative than sudo.
> Would you ever consider making the `umount(8)' program set-ID only
> just to let somebody to unmount CD-ROM / floppy drive?
No, absolutely not. I wouldn't write a set-ID-root wrapper program that
called umount(8) either -- I'd write a wrapper that called umount(2)
after carefully validating all the necessary parameters (or rather I'd
borrow and carefully read and test one of the several existing version :-)
> Again, you can't delegate permissions to a dedicated user in order
> to let them to unmount a volume.
It's just a small matter of programming.....
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>; <firstname.lastname@example.org>
Planix, Inc. <email@example.com>; VE3TCP; Secrets of the Weird <firstname.lastname@example.org>