From owner-freebsd-stable Sun Oct 8 15:46: 6 2000 Delivered-To: freebsd-stable@freebsd.org Received: from topperwein.dyndns.org (acs-24-154-28-99.zoominternet.net [24.154.28.99]) by hub.freebsd.org (Postfix) with ESMTP id 3532F37B503 for ; Sun, 8 Oct 2000 15:46:04 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by topperwein.dyndns.org (8.11.0/8.11.0) with ESMTP id e98Mk3r00717; Sun, 8 Oct 2000 18:46:13 -0400 (EDT) (envelope-from behanna@zbzoom.net) Date: Sun, 8 Oct 2000 18:46:03 -0400 (EDT) From: Chris BeHanna Reply-To: behanna@zbzoom.net To: Warner Losh Cc: FreeBSD-Stable Subject: Re: Security problem with "script"? In-Reply-To: <200010072350.RAA00780@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 7 Oct 2000, Warner Losh wrote: > In message Chris BeHanna writes: > : Er, wouldn't that give a user root access to do anything he or she > : wanted? > > Yes. That's the logical conclusion if you give someone shell access, > or access to any program that can fork a shell. "TOYOTA: You asked > for it, you got it." Dammit, Warner. Now I can't get that old man (the guy with the bad teeth from Prizzi's Honor) out of my mind. He played a senile guy in another movie, and there's a scene where a guy and his wife (it's the wife's father) are driving down the road with the old guy in the back seat, and he just keeps repeating, "You asked for it; you got it. Toyoooota!" I read up a bit on sudo and its config file, and I now realize what a dumb question I asked. -- Chris BeHanna Software Engineer (at yourfit.com) behanna@zbzoom.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message