:: Re: [DNG] Systemd Shims
Página Principal
Delete this message
Reply to this message
Autor: John Morris
Data:  
Para: dng
Assunto: Re: [DNG] Systemd Shims
On Mon, 2015-08-17 at 06:48 +0100, Edward Bartolo wrote:
> The backends can be integrated into one single executable not to
> clutter the sudoers file and to increase system efficiency.


One suggestion here. Forget sudo and just make the backend suid root
like other system utilities of this type. Just make darned sure there
is no way to feed it command line input that could allow a root exploit
of course. It can check whatever permissions like ownership of the
local console/display, membership in wheel, etc. are desired to restrict
usage to only some users itself. Maintaining rules in sudoers is less
packagable even now that there is a /etc/sudoers.d directory to dump
fragments into.