From owner-freebsd-stable Sat Oct 7 2:14:46 2000 Delivered-To: freebsd-stable@freebsd.org Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id ED91737B502 for ; Sat, 7 Oct 2000 02:14:44 -0700 (PDT) Received: by static.unixfreak.org (Postfix, from userid 1000) id 9B3621F19; Sat, 7 Oct 2000 02:14:43 -0700 (PDT) Subject: Re: Security problem with "script"? In-Reply-To: <20001007031416.A1389@freebsd.mindspring.com> "from David J. Kanter at Oct 7, 2000 03:14:16 am" To: "David J. Kanter" Date: Sat, 7 Oct 2000 02:14:43 -0700 (PDT) Cc: FreeBSD stable From: Dima Dorfman Reply-To: dima@unixfreak.org X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-Id: <20001007091443.9B3621F19@static.unixfreak.org> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I don't know if this is an issue or not, but using the script program with > sudo seems to switch the sudoer's id to root. > > Here's an example: > > david@/usr/src % whoami > david > david@/usr/src % sudo script /usr/tmp/buildworld > Script started, output file is /usr/tmp/buildworld > root@/usr/src % whoami > root > root@/usr/src % > > Is this a security problem? Maybe it's the lack of caffeine or sleep, but I fail to see the problem here. Sudo is supposed to run the command you give it as a different user. If you don't specify one with the -u flag, it assumes you want to run it as root. It looks like it did exactly what you asked of it. Hope this helps -- Dima Dorfman Finger dima@unixfreak.org for my public PGP key. Drive defensively; buy a tank. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message