From: Landon Stewart
To: Peter Pentchev, Sheldon Hearn
Cc: Ronan Lucio, security@freebsd.org
Subject: Re: Accessing as root
Date: Mon, 10 Dec 2001 08:18:34 -0800
Message-Id: <5.1.0.14.0.20011210081655.02664e30@pop.uniserve.com>
In-Reply-To: <20011210180639.J757@straylight.oblivion.bg>

At 06:06 PM 12/10/2001 +0200, Peter Pentchev wrote:
>On Mon, Dec 10, 2001 at 06:03:14PM +0200, Sheldon Hearn wrote:
> >
> > On Mon, 10 Dec 2001 18:01:20 +0200, Sheldon Hearn wrote:
> >
> > > > I need to make some scripts to change the password and other
> > > > things like that need root permissions, but:
> > > >
> > > > How can I do it without opening a security hole in the server?
> > > > What is the best way to do it?
> > >
> > > 1) Limit exposure to just those commands that need privilege, by passing
> > >    your command as arguments to the su(1) command.
> >
> > This is stupid advice, sorry.
> >
> > You need to make your script setuid root (see chmod(1)).  If the script
> > is big, or does complex input handling, consider breaking out the part
> > that needs privilege into its own smaller script, called by a wrapper
> > that does input sanity checking.
> >
> > Ultimately, you want to limit the privilege to as little work as
> > possible.
>
>And then, of course, there is the security/sudo port, which lets you
>specify which uid's are allowed to execute which commands as root or
>whatever other uid, with or without passwords, with or without controlling
>terminals.

Yes, sudo is definitely the BEST bet IMHO.  I would like to stress "execute *which* commands as root".  You can actually specify what commands are allowed to be executed and optionally with what parameters.

---
Landon Stewart

Right of Use Disclaimer:
"The sender intends this message for a specific recipient and, as it may contain information that is privileged or confidential, any use, dissemination, forwarding, or copying by anyone without permission from the sender is prohibited. Personal e-mail may contain views that are not necessarily those of the company."
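The approach the thread converges on, an input-checking wrapper in front of a single sudo-permitted privileged command, as an added example that is not part of the original mail; the helper path /usr/local/bin/setpass-helper, the sudoers entry and the protected-account list are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: a wrapper that does the input
# sanity checking before calling one narrowly scoped privileged command.
# Assumed (hypothetical) sudoers entry, a single fixed command and no
# wildcarded arguments, so the only thing the caller controls is validated
# here:
#   webops ALL=(root) NOPASSWD: /usr/local/bin/setpass-helper
HELPER=/usr/local/bin/setpass-helper   # hypothetical helper path

# Accept only a conservative user name: 1-32 characters from [a-z0-9_-],
# starting with a letter or underscore. Anything else (spaces, ';', '/',
# leading '-', upper case) is rejected before it reaches anything privileged.
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Accounts a web script must never touch. Constructed list for the example.
is_protected() {
    case "$1" in
        root|toor|daemon|operator|bin) return 0 ;;
    esac
    return 1
}

# Returns 0 after invoking the helper, 2 for a malformed name, 3 for a
# protected account. The new password is read from stdin and passed on via
# stdin, never as an argument, so it never appears in ps(1) output or logs.
set_password() {
    user=$1
    if ! valid_username "$user"; then
        echo "rejected: malformed user name" >&2
        return 2
    fi
    if is_protected "$user"; then
        echo "rejected: protected account" >&2
        return 3
    fi
    sudo "$HELPER" "$user"
}

# Usage: printf '%s\n' "$newpass" | ./setpass-wrapper.sh alice
if [ -n "${1:-}" ]; then
    set_password "$1"
fi
```

The sudoers entry deliberately names the full helper path with no argument wildcards, since a `*` in a sudoers command specification matches any number of arguments, including ones with spaces.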