Date: Fri, 13 May 2011 17:34:45 -0400 From: Alejandro Imass <ait@p2ee.org> To: Chris Telting <christopher-ml@telting.org> Cc: freebsd-questions@freebsd.org, krad <kraduk@gmail.com> Subject: Re: Established method to enable suid scripts? Message-ID: <BANLkTikqTNgaqFoRc7keOU_kp6ofTOMk2g@mail.gmail.com> In-Reply-To: <4DCD02EF.7050808@telting.org> References: <4DC9DE2C.6070605@telting.org> <201105121657.57647.j.mckeown@ru.ac.za> <4DCBFC39.8060900@telting.org> <201105130932.32144.j.mckeown@ru.ac.za> <BANLkTin4rkQouSiOy4M1uu%2BqXSWJzF_STA@mail.gmail.com> <4DCD02EF.7050808@telting.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 13, 2011 at 6:07 AM, Chris Telting <christopher-ml@telting.org> wrote: > On 05/13/2011 01:32, krad wrote: [...] > me ask you.. is "sudo ping" acceptable? Please explain the logical reason > why not. It would be the preferred method if suid didn't exist and sudo was > part of the base system. The sudo versus suid theme is discussed ad-nauseam in many lists and forums, as well as the C wrappers for doing stuff suid. IMHO, however, sudo can give you more granular control though paradoxically relies on suid itself. The question here is why make the whole freaking interpreter suid when you can granularly control the specific script. Anyway, I would personally use a wrapper or sudo. Cheers, -- Alejandro Imass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTikqTNgaqFoRc7keOU_kp6ofTOMk2g>