Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] automount, mount, and USB sticks
On 29/07/2015 16:35, arnt@??? wrote:
> Every last problem of sudo is taken seriously? Did you know that if
> someone has limited access, e.g. the right to install standard
> packages, then it is easy to leverage that to get complete access?
> Various packages run programs in $PATH as root, Firefox comes to mind,
> so just prepare $PATH and sudo apt-get install firefox.
>
> Sudo leaves the user's $PATH and the rest is just a matter of finding
> the right exploit.
>
> Was open for years, may still be open.
>
> Arnt


     I don't understand the preventions against sudo. It is just up to 
the administrator to take care, like for everything.


     Whether execution of the command is allowed by sudo, by a setuid bit 
or by policykit does not change the result. Sudo is simply the most 
versatile method to allow/disallow actions, IMHO far easier to configure 
than policykit. Don't forget that allowed commands may (should) be 
specified with their absolute path, therefore bypassing PATH. It is 
better than having a specialized daemon for this and that, because it 
keeps everything configured in one well known file.


     In the case of mounting usb sticks, this applies to a personal 
computer, where the owner is also the administrator. For convenience, a 
limited list of actions may be allowed without password, like mounting a 
usb key.


     Didier
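
An added example, not part of the original message or of sudo itself: a small Python check that scans sudoers text for the PATH-related settings this thread argues about (no `secure_path`, a disabled `env_reset`, `PATH` in `env_keep`, `SETENV` rules, and `ALL` in place of a pinned absolute path). The sudoers keywords are real; the function name, user names and sample rules are constructed for illustration.

```python
import re

# Constructed sample sudoers content for illustration (user names are made up).
SAMPLE_SUDOERS = """\
Defaults env_keep += "PATH HOME"
Defaults !env_reset
alice ALL = (root) NOPASSWD: /bin/mount /dev/sdb1 /media/usb, /bin/umount /media/usb
bob   ALL = (root) SETENV: /usr/bin/apt-get install *
carol ALL = (ALL) NOPASSWD: ALL
"""

# Constructed hardened variant: a fixed PATH plus only alice's pinned mount rule.
HARDENED = ('Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"\n'
            + SAMPLE_SUDOERS.splitlines(True)[2])

def audit_sudoers(text):
    """Return (line_no, finding) pairs about PATH handling; line 0 = whole file.
    Simplified parser: no line continuations, includes or alias expansion."""
    findings, has_secure_path = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"\w+_Alias\b", line):
            continue
        if line.startswith("Defaults"):
            if re.search(r"\bsecure_path\s*=", line):
                has_secure_path = True
            if re.search(r"!\s*env_reset\b", line):
                findings.append((no, "env_reset is disabled"))
            if re.search(r"\benv_keep\s*\+?=.*\bPATH\b", line):
                findings.append((no, "env_keep lists PATH"))
            continue
        m = re.match(r"\S+\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)", line)
        if not m:
            continue
        tags = set()  # tags such as NOPASSWD: carry over to later commands in the rule
        for item in m.group(1).split(","):
            tags.update(re.findall(r"\b([A-Z_]+):", item))
            cmd = re.sub(r"\b[A-Z_]+:\s*", "", item).strip()
            if cmd == "ALL":
                findings.append((no, "command is ALL, not a pinned absolute path"))
            if "SETENV" in tags:
                findings.append((no, "SETENV lets the caller set environment variables"))
    if not has_secure_path:
        findings.append((0, "no Defaults secure_path"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_sudoers(SAMPLE_SUDOERS) + audit_sudoers(HARDENED):
        print(no, msg)
```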