> The problem is you're running an untrusted script. A > malicious unprivileged script can still use any number of > tricks to get you to elevate its privileges, or give it > information it needs. A simple example is moving the > payload to the install: section of the Makefile.
You see that's why I install all my compiled software as a user to a custom directory, so that wouldn't work, and asking me for a password would definitely trigger a "what ?" reaction, so I'd definitely go for that, instead of giving access to any program/script/etc.. to just do a "pfexec" and do whatever it wants with my system. > Or, sudo/pfexec would need to be run in some sort of > UI sandbox to protect the rest of the system from you, > things pretending to be you, or things pretending to be > sudo. reminded me of: http://lkml.org/lkml/2009/5/26/269 -- This message posted from opensolaris.org _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
