From: Kurt Jaeger
To: freebsd-stable@freebsd.org
Date: Sat, 28 Apr 2012 20:04:31 +0200
Subject: Re: Restricting users from certain privileges
Message-ID: <20120428180431.GP5335@home.opsec.eu>
In-Reply-To: <20120428102117.GX37811@e-new.0x20.net>

Hi!

> > > Please do study sudo real power :-)
> > > It can give selective privileges per-command, [...]
> > Just make sure none of the permitted commands has got the
> > feature of starting a shell ;-))
>
> Right, think of vi(1), less(1), et al.

Even this aspect is taken care of with sudo (at least to a certain
limit):

   NOEXEC and EXEC

       If sudo has been compiled with noexec support and the underlying
       operating system supports it, the NOEXEC tag can be used to
       prevent a dynamically-linked executable from running further
       commands itself.

       In the following example, user aaron may run /usr/bin/more and
       /usr/bin/vi but shell escapes will be disabled.

           aaron   shanty = NOEXEC: /usr/bin/more, /usr/bin/vi

       See the "PREVENTING SHELL ESCAPES" section below for more details
       on how NOEXEC works and whether or not it will work on your
       system.

-- 
pi@opsec.eu            +49 171 3101372                  8 years to go !
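
An added example, not part of the original message or of sudo itself: a simplified Python check that reads sudoers-style lines and reports commands with a known shell escape that are permitted without NOEXEC, including the case where a later EXEC tag switches the restriction off again. The program list, the sample entries for bob and carol, and the name `audit_sudoers` are assumptions; aliases and scoped Defaults are not handled.

```python
import os
import re

# Constructed, non-exhaustive list of programs that offer a shell escape.
ESCAPE_CAPABLE = {"vi", "vim", "view", "more", "less", "man", "ed"}

def audit_sudoers(text):
    """Return [(user, command)] for escape-capable commands lacking NOEXEC."""
    findings = []
    default_noexec = False
    text = text.replace("\\\n", " ")               # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line or re.match(r"\w+_Alias\b", line):
            continue                               # aliases are not expanded
        if line.startswith("Defaults"):
            if re.match(r"Defaults\s", line):      # global Defaults only
                flags = [f.strip() for f in line[8:].split(",")]
                if "noexec" in flags:
                    default_noexec = True
                if "!noexec" in flags:
                    default_noexec = False
            continue
        who, sep, spec = line.partition("=")
        if not sep or not who.split():
            continue
        spec = re.sub(r"\([^)]*\)", "", spec)      # drop runas specs
        noexec = default_noexec                    # tags are sticky per line
        for cmnd in re.split(r"(?<!\\),", spec):
            cmnd = cmnd.strip()
            while (m := re.match(r"([A-Z_]+):\s*", cmnd)):
                if m.group(1) in ("NOEXEC", "EXEC"):
                    noexec = m.group(1) == "NOEXEC"
                cmnd = cmnd[m.end():]
            if not cmnd or cmnd.startswith("!"):
                continue
            if os.path.basename(cmnd.split()[0]) in ESCAPE_CAPABLE and not noexec:
                findings.append((who.split()[0], cmnd))
    return findings

# Constructed sample, not taken from the original message.
SAMPLE = """\
Defaults env_reset
aaron  shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
bob    shanty = (root) NOPASSWD: /usr/bin/less /var/log/messages, /bin/ls
carol  shanty = NOEXEC: /usr/bin/vi, EXEC: /usr/bin/man, \\
                /usr/bin/more
"""

if __name__ == "__main__":
    for user, command in audit_sudoers(SAMPLE):
        print(f"{user}: {command} can spawn further commands (no NOEXEC)")
```

A clean result only means the tag is present; whether NOEXEC takes effect still depends on sudo's build and the operating system, as the quoted manual text says.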