Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 7 Oct 2000 22:51:32 +0200
From:      Neil Blakey-Milner <nbm@mithrandr.moria.org>
To:        Chris BeHanna <behanna@zbzoom.net>
Cc:        FreeBSD-Stable <stable@freebsd.org>, "David J. Kanter" <david.kanter@mindspring.com>
Subject:   Re: Security problem with "script"?
Message-ID:  <20001007225132.A29035@mithrandr.moria.org>
In-Reply-To: <Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org>; from behanna@zbzoom.net on Sat, Oct 07, 2000 at 04:41:13PM -0400
References:  <200010071807.MAA01420@harmony.village.org> <Pine.BSF.4.21.0010071640460.7433-100000@topperwein.dyndns.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat 2000-10-07 (16:41), Chris BeHanna wrote:
> > No.  script forks a shell.  sudo tells you to do that as root.  It is
> > merely complying.
> 
>     Er, wouldn't that give a user root access to do anything he or she
> wanted?

If you set up 'sudo' to let someone run 'script' as root, yes.  It has
nothing to do with 'script', it's the fact 'sudo' runs it as root.  For it
to do that, you need to set it up to do that.

Neil
-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001007225132.A29035>