martin f krafft <[EMAIL PROTECTED]> writes: > * William R. Ward <[EMAIL PROTECTED]> [2001.11.29 18:00:40-0800]: > > Question: Is it generally considered secure enough to sudo a bash > > script like your sucpaliases? Or should a C equivalent be written > > instead? > > no. especially not the quick'n'dirty version that alvin posted. i am > not criticizing, but there is an art to writing secure shell scripts. > i can't give you full details, but two things that you should *never* > forget is using absolute paths for binaries only. in addition, set > your PATH to the standard explicitly. [example snipped]
Right; but assumin gone takes care of this kind of issue, is there anything inherently unsafe about running shell scripts through sudo? I understand that there are risks of race conditions with setuid shell scripts, and so they are disabled on most Linux boxen. Is that also an issue for sudo shell scripts? --Bill. -- William R Ward [EMAIL PROTECTED] http://www.wards.net/~bill/ ----------------------------------------------------------------------------- If you're not part of the solution, you're part of the precipitate.
