Path: sparky!uunet!charon.amdahl.com!pacbell.com!decwrl!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!qt.cs.utexas.edu!yale.edu!jvnc.net!rutgers!modus!gear!cadlab!albani
From: albani@cadlab.sublink.org (Lanfranco Albani)
Newsgroups: comp.unix.aix
Subject: Re: shutdown for non-su
Message-ID: <1992Nov03.144006.617@cadlab.sublink.org>
Date: 3 Nov 92 14:40:06 GMT
References: <1ad10ef0@p7.f36.n245.z2.fidonet.org> <BwH9Mn.8B9@austin.ibm.com>
Organization: CAD.LAB S.p.A., Bologna, Italia
Lines: 128

jerry@austin.ibm.com (Jerry Heyman) writes:

: Title: Unix System Administration Handbook
: Author: Evi Nemeth, Garth Snyder, Scott Seebass
: Pub: Prentice Hall
: ISBN: 0-13-933441-6
:
:They give the code for a 'sudo' command. This command allows selected users
:to run as super-user for certain commands. Each user has a separate list of
:commands that they can run, and password verification/validation is required.
:Any user trying to execute a command that they do not have authority to run
:will cause an e-mail message to be generated and sent to root.
:
:The 'sudo' command can be found in Appendix A of the above book.


**** BEWARE !!! ****

The listings in Nemeth, Snyder & Seebass are buggy.
These are the bugs we have found (and corrected...):

file sudo.c

the '#include <strings.h>' was modified as:

    #include <string.h>

and the statement (last line)

    if(n = index(n, '.')) *n = 0;

becomes:

    if(n = strchr(n, '.')) *n = 0;


In the function errexit() (page 474, if we have the same edition...)
there is a bug. This fragment is listed twice, the first time *BEFORE* the
buffer 'cmd' is initialized!

    if((fp = popen(cmd, "w")) == NULL)
    {
        return;
    }

Also in the errexit() function the author uses /usr/ucb/mail:

    (void) sprintf(cmd,
        "/usr/ucb/mail -s \"HELP! %s@%s has problems.\" %s ",
        progname, hostname, ALERTMAIL);
    if((fp = popen(cmd, "w")) == NULL)
    {
        return;
    }

We prefer to use /usr/bin/mail:

    (void) sprintf(cmd, "/usr/bin/mail %s", ALERTMAIL);
    if((fp = popen(cmd, "w")) == NULL)
    {
        return;
    }
    fprintf(fp,
        "Subject: WARNING! %s@%s has problems\n",
        progname, hostname);


In the function checkdoer() (page 476...) there are a couple of bugs that
are potentially very dangerous for security:

    if(strncmp(cp0, "all", 3) == 0)

is modified as:

    if(strcmp(cp0, "all\n") == 0)

and also this below:

    if(strncmp(cp2,ap,strlen(ap)) == 0)
    {
        (void) strncpy(res, cp0, cp1-cp0);
        /* copy command back */
        return;
    }

becomes:

    if(strncmp(cp2,ap,strlen(ap)) == 0)
    {
        (void) strncpy(res, cp0, cp1-cp0);
        /* copy command back */
        res[cp1-cp0] = '\0'; /* forces string termination */
        return;
    }
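A worked illustration of the two checkdoer() fixes above, added here as an example; it is not code from the post or from the book's sudo listing. It assumes a simplified permitted-command field (either "all" or a comma-separated list of program paths, still carrying the newline that fgets() leaves on a line); the book's real file format, and the names is_all_buggy, is_all_fixed, copy_command_buggy, copy_command_fixed, permitted and the *_demo helpers, are this example's own.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed example, not the book's sudo. A user's permitted-command
 * field is assumed to be either "all" or a comma-separated list of
 * program paths, still carrying the '\n' that fgets() leaves on a line.
 */

/* Book-style test: only the first three bytes are compared, so any
 * field beginning with "all" (e.g. "allow", "alloc") grants everything. */
int is_all_buggy(const char *field)
{
    return strncmp(field, "all", 3) == 0;
}

/* Corrected test from the post: the whole field must be exactly "all\n". */
int is_all_fixed(const char *field)
{
    return strcmp(field, "all\n") == 0;
}

/* Book-style copy: strncpy() writes no terminator when the source has at
 * least n bytes, so whatever was in res beyond the copy is still there. */
void copy_command_buggy(char *res, const char *cp0, const char *cp1)
{
    (void) strncpy(res, cp0, (size_t)(cp1 - cp0));
}

/* Corrected copy: terminate explicitly (bounding n by the buffer size is
 * this example's addition). */
void copy_command_fixed(char *res, size_t ressz, const char *cp0, const char *cp1)
{
    size_t n = (size_t)(cp1 - cp0);
    if (n >= ressz)
        n = ressz - 1;
    (void) strncpy(res, cp0, n);
    res[n] = '\0';
}

/* May 'ap' be run under this field? On success the matched entry is
 * copied into res. An entry must match ap in full; the book's listing
 * compares only strlen(ap) bytes, and requiring equal length as well is
 * this example's own choice. */
int permitted(const char *field, const char *ap, char *res, size_t ressz)
{
    const char *cp0 = field;
    const char *cp1;
    size_t aplen = strlen(ap);

    if (is_all_fixed(field)) {
        copy_command_fixed(res, ressz, ap, ap + aplen);
        return 1;
    }
    while (*cp0 != '\0' && *cp0 != '\n') {
        for (cp1 = cp0; *cp1 != ',' && *cp1 != '\n' && *cp1 != '\0'; cp1++)
            ;
        if ((size_t)(cp1 - cp0) == aplen && strncmp(cp0, ap, aplen) == 0) {
            copy_command_fixed(res, ressz, cp0, cp1);
            return 1;
        }
        cp0 = (*cp1 == ',') ? cp1 + 1 : cp1;
    }
    res[0] = '\0';
    return 0;
}

/* Fill res with 'X', copy the first entry with one of the two versions and
 * report whether the result is a clean "/bin/ls": 1 for the fixed copy,
 * 0 for the buggy one (junk follows the seven copied bytes). */
int copy_demo(int use_fixed)
{
    const char *field = "/bin/ls,/bin/cat\n";
    char res[32];

    memset(res, 'X', sizeof res);
    res[sizeof res - 1] = '\0';   /* keep the demo itself well-defined */
    if (use_fixed)
        copy_command_fixed(res, sizeof res, field, field + 7);
    else
        copy_command_buggy(res, field, field + 7);
    return strcmp(res, "/bin/ls") == 0;
}

/* 1 if ap is permitted under field and the entry copied back equals ap. */
int permitted_demo(const char *field, const char *ap)
{
    char res[32];
    return permitted(field, ap, res, sizeof res) && strcmp(res, ap) == 0;
}

int main(void)
{
    printf("\"allow\" under buggy test: %d, fixed test: %d\n",
           is_all_buggy("allow\n"), is_all_fixed("allow\n"));
    printf("buggy copy clean: %d, fixed copy clean: %d\n",
           copy_demo(0), copy_demo(1));
    printf("/bin/cat permitted by list: %d\n",
           permitted_demo("/bin/ls,/bin/cat\n", "/bin/cat"));
    printf("/bin/rm permitted by list: %d\n",
           permitted_demo("/bin/ls,/bin/cat\n", "/bin/rm"));
    return 0;
}
```

The first half shows why the post calls these bugs dangerous: with the three-byte strncmp() a field such as "allow" grants every command, and without the explicit terminator the copied command carries whatever bytes happened to follow it in the buffer.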


Also in mailmsg() there are the same problems as in errexit():

    (void) sprintf(cmd,
        "/usr/ucb/mail -s \"*SECURITY* %s@%s tried %s\" %s ",
        user, hostname, *argv, ALERTMAIL);
    if((fp = popen(cmd, "w")) == NULL)
    {
        return;
    }

is modified as:

    (void) sprintf(cmd, "/usr/bin/mail %s", ALERTMAIL);
    if((fp = popen(cmd, "w")) == NULL)
    {
        return;
    }
    fprintf(fp, "Subject: *SECURITY* %s@%s -> %s\n",
        user, hostname, *argv);


We are using sudo extensively, and we are very satisfied!

Bye, Lanfranco

--
Lanfranco Albani - CAD.LAB s.p.a., v. Ronzani 7/29, Casalecchio, Italia
Email: (work:) albani@cadlab.sublink.org, (home:) bob@allan.sublink.org
Phone: (work:) ++39 (51) 6130360, (home:) ++39 (51) 727372;
Fax: ++39 (51) 6130294 (work only), Fidonet: 2:332/407.1138 (home only).