On 17/02/2011 06:46 p.m., Steven D'Aprano wrote:
> On Thu, 17 Feb 2011 19:44:20 +0000, Katie T wrote:
>> Running any kind of script sudo'd is a bad idea; it's very, very hard (in
>> many cases impossible) to do securely. Root permissions in general
>> should only be used for what they're needed for and nothing else (that
>> means getting the permission, doing the stuff that needs to be done as
>> root, and then returning back to normal privs); anything else is just
>> asking for trouble.
> I agree with your general point, but the specific point to avoid running
> scripts with sudo? Are you sure you're not conflating sudo with setuid?
> By my reading, sudo is far preferred over running scripts setuid root.
> Linux, for example, simply will not run scripts setuid root because of
> the security risk, while running things using sudo is considered best
> practice, and much preferred over logging in as root. The idea of sudo is
> to do exactly what you say: doing the stuff needed as root with elevated
> permission, then returning to normal.
Maybe this is a bit OT, as it involves the OS and security system, but
considering the general knowledge assembled in this list and that it is
related to the thread...
I've always asked myself why a program can't be used by users of a
certain group but run with the privileges of some other user, not
necessarily the one that uses it, but one created specifically for the
tasks the program is responsible for.
AFAIK in Linux a program will only run with the privileges of the user
who runs it.
But I can see no reason (other than it is not actually permitted by the
OS) that a program can't run with its *own* privileges. Many a time I
have wanted to allow access to certain privileges to a user but *only*
through a program. As far as security is concerned it would be enough
that only root has permission to give the said program running
privileges (privileges different from those of the user that is actually
running it), that only allowed users may modify the program, and that
*other* users may only run it. This would address the issue of someone
modifying the program to gain access to its privileges. Now, if someone
is able to gain illegal privileges to modify the program, then there
*is* a security hole and the program is not really the problem.
Am I misinformed and you can actually do this in Linux? Am I being naive
security wise?
--
http://mail.python.org/mailman/listinfo/python-list
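The arrangement asked about in the last post (a program that members of one group may run, that executes with the privileges of a dedicated account, and that only root can make privileged) is what the setuid bit on a compiled binary does; the catch, as Steven notes, is that Linux ignores the bit on scripts, so the usual answer is a small setuid C wrapper that does the one privileged step, drops back to the caller's identity, and only then execs the script. The program below is an added example written for this thread, not code from the list or from any of the posters. The account name `tool`, the group `toolusers`, the binary path `/usr/local/bin/tool_wrapper`, the script `/usr/local/lib/tool/tool.py` and the config file `/var/lib/tool/secret.cfg` are all assumed names chosen for the illustration; `/proc/self/exe` and `setresuid`/`getresuid` make it Linux/glibc specific.

```c
/* tool_wrapper.c -- added example for the python-list thread above.
 * A setuid wrapper that runs as a dedicated service account, performs the
 * one privileged step, then permanently drops to the invoking user before
 * exec'ing the script.  Linux ignores the setuid bit on scripts, so the bit
 * goes on this compiled binary instead.
 *
 * Assumed installation (hypothetical account, group and paths):
 *   useradd -r tool ; groupadd toolusers
 *   chown tool:toolusers /usr/local/bin/tool_wrapper
 *   chmod 4750 /usr/local/bin/tool_wrapper   # setuid; group may run; nobody else
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT     "/usr/local/lib/tool/tool.py"  /* assumed script path */
#define SECRET_CFG "/var/lib/tool/secret.cfg"     /* assumed: mode 0400, owner "tool" */

/* A binary is safe to install setuid to `service_uid` for members of
 * `allowed_gid` only if it is a regular file, owned by the service account
 * (setuid runs as the owner), in the allowed group, has the setuid bit, is
 * not writable by group or others (otherwise those users could change what
 * runs with the service account's privileges), and is neither readable nor
 * executable by others.  This is the "only root may grant, only allowed users
 * may modify, others may only run" rule from the post, expressed as a mode. */
int install_mode_ok(const struct stat *st, uid_t service_uid, gid_t allowed_gid)
{
    if (!S_ISREG(st->st_mode))             return 0;
    if (st->st_uid != service_uid)         return 0;
    if (st->st_gid != allowed_gid)         return 0;
    if (!(st->st_mode & S_ISUID))          return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    if (st->st_mode & (S_IROTH | S_IXOTH)) return 0;
    return 1;
}

/* Permanently drop to the invoking user's real uid/gid.  gid first: once the
 * uid is unprivileged the gid change would be refused.  All three ids (real,
 * effective, saved) are set so the privilege cannot be regained afterwards.
 * Returns 0 on success, -1 if the drop failed or cannot be verified. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    uid_t r, e, s;
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;
    if (getresuid(&r, &e, &s) != 0)       return -1;
    if (r != ruid || e != ruid || s != ruid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    struct stat st;
    char fdarg[16];
    int fd;
    (void)argc; (void)argv;

    /* Self-check: refuse to run unless installed as described at the top. */
    if (stat("/proc/self/exe", &st) != 0 ||
        !install_mode_ok(&st, geteuid(), st.st_gid)) {
        fprintf(stderr, "tool_wrapper: refusing to run, bad install mode/ownership\n");
        return 1;
    }

    /* The privileged step, done as the service account: open a file that
     * only that account can read.  The fd is inherited across exec. */
    fd = open(SECRET_CFG, O_RDONLY);
    if (fd < 0) { perror("open " SECRET_CFG); return 1; }

    /* Back to the invoking user, permanently, before anything the caller
     * can influence (the script, its imports) gets to run. */
    if (drop_privileges() != 0) { perror("drop_privileges"); return 1; }

    /* Exec the script with a fixed environment: PATH, PYTHONPATH, LD_* and
     * friends from the caller are deliberately not passed through. */
    snprintf(fdarg, sizeof fdarg, "%d", fd);
    {
        char *const args[] = { "python3", SCRIPT, fdarg, NULL };
        char *const env[]  = { "PATH=/usr/bin:/bin", NULL };
        execve("/usr/bin/python3", args, env);
    }
    perror("execve");
    return 1;
}
```

The same effect without any setuid binary is a sudoers Runas entry such as `%toolusers ALL=(tool) NOPASSWD: /usr/local/bin/tool_wrapper` (assumed names again): members of the group may run exactly that command as the `tool` account, sudo logs each invocation, and the "run as a different user" policy lives in one root-owned file instead of in a file mode. Either way the wrapper should still drop privileges before the interpreter starts, for the reason Katie gives: the script itself is the part that is hard to make safe while privileged.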