From owner-freebsd-stable Sat Oct 7 13:51:18 2000 Delivered-To: freebsd-stable@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 5117C37B502 for ; Sat, 7 Oct 2000 13:51:14 -0700 (PDT) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id DA0B11C6A; Sat, 7 Oct 2000 16:51:01 -0400 (EDT) Date: Sat, 7 Oct 2000 16:51:01 -0400 From: Bill Fumerola To: Chris BeHanna Cc: FreeBSD-Stable Subject: Re: Security problem with "script"? Message-ID: <20001007165101.Q38472@jade.chc-chimes.com> References: <200010071807.MAA01420@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from behanna@zbzoom.net on Sat, Oct 07, 2000 at 04:41:13PM -0400 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Oct 07, 2000 at 04:41:13PM -0400, Chris BeHanna wrote: > > : david@/usr/src % whoami > > : david > > : david@/usr/src % sudo script /usr/tmp/buildworld > > : Script started, output file is /usr/tmp/buildworld > > : root@/usr/src % whoami > > : root > > : root@/usr/src % > > : > > : Is this a security problem? > > > > No. script forks a shell. sudo tells you to do that as root. It is > > merely complying. > > Er, wouldn't that give a user root access to do anything he or she > wanted? Isn't that the point of sudo? I can't believe this thread even exists... -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message