Date: Sat, 23 Dec 2000 10:58:37 -0800 (PST) From: Tom <tom@uniserve.com> To: "David J. Kanter" <david.kanter@mindspring.com> Cc: FreeBSD stable <freebsd-stable@freebsd.org> Subject: Re: Security problem with "script"? Message-ID: <Pine.BSF.4.05.10012231056390.29829-100000@shell.uniserve.ca> In-Reply-To: <20001007031416.A1389@freebsd.mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 7 Oct 2000, David J. Kanter wrote: > I don't know if this is an issue or not, but using the script program with > sudo seems to switch the sudoer's id to root. > > Here's an example: > > david@/usr/src % whoami > david > david@/usr/src % sudo script /usr/tmp/buildworld > Script started, output file is /usr/tmp/buildworld > root@/usr/src % whoami > root > root@/usr/src % I don't know why mail from October is resurfacing. But this is not a security problem. Configuring sudo to allow users to start a shell, or start something that starts a shell is silly. Tom Uniserve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10012231056390.29829-100000>