Date: Tue, 10 Jun 2003 00:37:04 -0700 (PDT) From: Jason Stone <freebsd-security@dfmm.org> To: <security@freebsd.org> Subject: Re: Removable media security in FreeBSD Message-ID: <20030610003528.J14379-100000@walter> In-Reply-To: <4.3.2.7.2.20030610010227.02a68ed0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > >> Allowing the user to use sudo would effectively be giving him/her root > >> privileges, which we explicitly don't want to do. > > > >No it wouldn't. You can specify the commands that you allow each user to > >run. > > Ah, but letting the user mount and unmount things effectively lets > that person do anything he or she wants, by switching around what's > mounted at key mountpoints. No - in the sudo config you can (actually, _must_) specify not just the command but (all) the arguments. -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE+5YqgswXMWWtptckRAnP7AJ9jkM40BsuK/lrkUV34pHYAWjUnhwCffi+h r7Y/LspVB3IzqJZsCr4ZSsk= =ipU5 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030610003528.J14379-100000>