From owner-freebsd-stable Sat Dec 23 10:44:35 2000 From owner-freebsd-stable@FreeBSD.ORG Sat Dec 23 10:44:30 2000 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from johnson.mail.mindspring.net (johnson.mail.mindspring.net [207.69.200.177]) by hub.freebsd.org (Postfix) with ESMTP id 48DE137B400 for ; Sat, 23 Dec 2000 10:44:30 -0800 (PST) Received: from freebsd.mindspring.com (user-33qtbvm.dialup.mindspring.com [199.174.175.246]) by johnson.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id NAA07569 for ; Sat, 23 Dec 2000 13:44:29 -0500 (EST) Received: by freebsd.mindspring.com (8.11.1/8.11.1) id eBNIi3500541 for freebsd-stable@freebsd.org; Sat, 23 Dec 2000 12:44:03 -0600 (CST) (envelope-from david) Date: Sat, 7 Oct 2000 03:14:16 -0500 From: "David J. Kanter" To: FreeBSD stable Subject: Security problem with "script"? Message-ID: <20001007031416.A1389@freebsd.mindspring.com> Mail-Followup-To: FreeBSD stable Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Operating-System: FreeBSD 4.1.1-RELEASE Lines: 16 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I don't know if this is an issue or not, but using the script program with sudo seems to switch the sudoer's id to root. Here's an example: david@/usr/src % whoami david david@/usr/src % sudo script /usr/tmp/buildworld Script started, output file is /usr/tmp/buildworld root@/usr/src % whoami root root@/usr/src % Is this a security problem? -- David Kanter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message