On 29/07/2015 16:35, arnt@??? wrote:
> Every last problem of sudo is taken seriously? Did you know that if
> someone has limited access, e.g. the right to install standard
> packages, then it is easy to leverage that to get complete access?
> Various packages run programs in $PATH as root, Firefox comes to mind,
> so just prepare $PATH and sudo apt-get install firefox.
>
> Sudo leaves the user's $PATH and the rest is just a matter of finding
> the right exploit.
>
> Was open for years, may still be open.
>
> Arnt
I don't understand the preventions against sudo. It is just up to
the administrator to take care, like for everything.
Whether execution of the command is allowed by sudo, by a setuid bit
or by policykit does not change the result. Sudo is simply the most
versatile method to allow/disallow actions, IMHO far easier to configure
than policykit. Don't forget that allowed commands may (should) be
specified with their absolute path, therefore bypassing PATH. It is
better than having a specialized daemon for this and that, because it
keeps everything configured in one well-known file.
In the case of mounting usb sticks, this applies to a personal
computer, where the owner is also the administrator. For convenience, a
limited list of actions may be allowed without password, like mounting a
usb key.
Didier
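
The two points raised in this exchange, the caller's $PATH reaching commands run through sudo and a short list of passwordless commands given by absolute path, can be checked mechanically. The following is an added example, not part of either message: a small audit over simplified sudoers text that compares a weak policy with a hardened one. The user name and the /media/usb mount point are hypothetical, and the parser assumes one rule per line with no aliases or includes.

```python
import re

# Constructed policies for illustration; user name and mount point are hypothetical.
WEAK = """\
Defaults !env_reset
alice ALL = (root) NOPASSWD: ALL
"""
HARDENED = """\
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
alice ALL = (root) NOPASSWD: /bin/mount /media/usb, /bin/umount /media/usb
"""

# user host = (runas) [TAG:] command[, command...]
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")

def audit_sudoers(text):
    """Audit a simplified sudoers text (one rule per line, no aliases or includes)."""
    findings, has_secure_path = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            if "!env_reset" in line:
                findings.append(f"line {n}: env_reset disabled, caller's environment is kept")
            m = re.search(r'secure_path\s*=\s*"?([^"\s]*)"?', line)
            if m:
                has_secure_path = True
                bad = [d for d in m.group(1).split(":") if not d.startswith("/")]
                if bad:
                    findings.append(f"line {n}: secure_path has non-absolute entries {bad}")
            continue
        m = RULE.match(line)
        if not m:
            continue
        user, spec = m.groups()
        # Drop tags such as NOPASSWD: and keep only the command names.
        cmds = [c.split()[0] for c in re.sub(r"\b[A-Z_]+:", " ", spec).split(",") if c.strip()]
        if "NOPASSWD:" in spec and "ALL" in cmds:
            findings.append(f"line {n}: {user} may run ALL commands without a password")
    if not has_secure_path:
        findings.append("no secure_path: commands run with the caller's $PATH")
    return findings

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_sudoers(policy) or "no findings")
```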