- Newsgroups: comp.unix.admin
- Path: sparky!uunet!cs.utexas.edu!torn!watserv1!watdragon.waterloo.edu!jmsellen
- From: jmsellen@watdragon.waterloo.edu
- Subject: Re: allowing users root access to specific commands
- Message-ID: <BrzE3L.A1q@watdragon.waterloo.edu>
- Organization: DCS Software Activists Squad
- References: <1992Jul24.130911.6009@dragon.acadiau.ca> <Brwt1v.2pL@acsu.buffalo.edu>
- Date: Sun, 26 Jul 1992 05:33:17 GMT
- Lines: 41
-
- In article <Brwt1v.2pL@acsu.buffalo.edu> hinkle@cs.Buffalo.EDU (Steven J. Hinkle) writes:
- | We use a program called 'sudo'. It is available via anonymous ftp from
- |boulder.colorado.edu in /pub/sa-book/sudo
- |
- | In a file (/usr/local/adm/sudoers) you can specify a username, the commands
- |that username can execute as root and a path that it has as root.
- |
- | Works great.
-
- Well, if I'm reading the code correctly, consider what happens if you have
- a privileged user with userid "jmsmith", and user "jms" tries the sudo
- command. Check the use of strncmp() in isadoer(). Look for other strncmp()s
- in the program. Do they work?
-
- "sudo" attempts to notify "root" via mail when someone tries to use "sudo"
- who shouldn't be. What happens if your nasty user has this
-     alias root myuserid
- in his/her .mailrc??
-
- The mailmsg() routine has
-     char cmd[80];
-     (void) sprintf(cmd,
-         "/usr/ucb/mail -s \"*SECURITY* %s@%s tried to execute %s\" %s ",
-         user,hostname,*argv,ALERTMAIL);
- If I'm counting correctly, there are 27 bytes available to hold user, hostname,
- the command attempted, the ALERTMAIL userid, and the trailing '\0'. And
- hostname is declared as MAXHOSTNAMELEN long. What happens when
- sprintf overflows?
-
- In create_file(), we have:
-     descrip = open(file, O_TRUNC | O_CREAT | O_WRONLY, 0700);
-     if(descrip == INVALID)
-     {
-         printf("Gag, couldn't open validation file.\en");
-         exit(4);
-     }
- which isn't exactly confidence inspiring.
-
- John Sellens
- University of Waterloo
- jmsellens@watdragon.uwaterloo.ca
-
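The two string-handling points raised in the post above (the strncmp() match in isadoer() and the sprintf() into cmd[80]), as an added example that is not part of the original post and is not sudo's code. The post does not show isadoer(), so the comparison length in prefix_match() is an assumption; the function names, the sample host name and the use of snprintf() (C99, later than the post) are also this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Assumed shape of the flawed check: only strlen(user) bytes are compared,
   so a caller whose name is a prefix of a listed name is accepted. */
int prefix_match(const char *listed, const char *user)
{
    return strncmp(listed, user, strlen(user)) == 0;
}

/* Whole-string comparison: "jms" no longer matches "jmsmith". */
int exact_match(const char *listed, const char *user)
{
    return strcmp(listed, user) == 0;
}

/* Bounded formatting of the alert command from the post. Returns 0 if the
   whole string fit, -1 if it would have been cut short. Nothing is written
   past cmd[size - 1], and a caller should discard a truncated command.
   This addresses only the length problem, not the .mailrc alias. */
int build_alert(char *cmd, size_t size, const char *user,
                const char *host, const char *prog, const char *rcpt)
{
    int n = snprintf(cmd, size,
        "/usr/ucb/mail -s \"*SECURITY* %s@%s tried to execute %s\" %s ",
        user, host, prog, rcpt);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    char cmd[80];
    /* Constructed sample host name, well within a typical MAXHOSTNAMELEN. */
    const char *long_host = "a-rather-long-workstation-name.cs.example.edu";

    printf("prefix match: %d, exact match: %d\n",
           prefix_match("jmsmith", "jms"), exact_match("jmsmith", "jms"));
    printf("short host: %d\n",
           build_alert(cmd, sizeof cmd, "jms", "sparky", "ls", "root"));
    printf("long host:  %d\n",
           build_alert(cmd, sizeof cmd, "jms", long_host, "ls", "root"));
    return 0;
}
```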