From owner-freebsd-stable Sat Oct 7 13:40:44 2000 Delivered-To: freebsd-stable@freebsd.org Received: from topperwein.dyndns.org (acs-24-154-28-99.zoominternet.net [24.154.28.99]) by hub.freebsd.org (Postfix) with ESMTP id 62F5C37B503 for ; Sat, 7 Oct 2000 13:40:36 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by topperwein.dyndns.org (8.11.0/8.11.0) with ESMTP id e97KfDg07623 for ; Sat, 7 Oct 2000 16:41:13 -0400 (EDT) (envelope-from behanna@zbzoom.net) Date: Sat, 7 Oct 2000 16:41:13 -0400 (EDT) From: Chris BeHanna Reply-To: behanna@zbzoom.net To: FreeBSD-Stable Subject: Re: Security problem with "script"? In-Reply-To: <200010071807.MAA01420@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 7 Oct 2000, Warner Losh wrote: > In message <20001007031416.A1389@freebsd.mindspring.com> "David J. Kanter" writes: > : I don't know if this is an issue or not, but using the script program with > : sudo seems to switch the sudoer's id to root. > : > : Here's an example: > : > : david@/usr/src % whoami > : david > : david@/usr/src % sudo script /usr/tmp/buildworld > : Script started, output file is /usr/tmp/buildworld > : root@/usr/src % whoami > : root > : root@/usr/src % > : > : Is this a security problem? > > No. script forks a shell. sudo tells you to do that as root. It is > merely complying. Er, wouldn't that give a user root access to do anything he or she wanted? -- Chris BeHanna Software Engineer (at yourfit.com) behanna@zbzoom.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message