:: Re: [DNG] Systemd Shims
トップ ページ
このメッセージを削除
このメッセージに返信
著者: John Morris
日付:  
To: dng
題目: Re: [DNG] Systemd Shims
On Mon, 2015-08-17 at 06:48 +0100, Edward Bartolo wrote:
> The backends can be integrated into one single executable not to
> clutter the sudoers file and to increase system efficiency.


One suggestion here. Forget sudo and just make the backend suid root
like other system utilities of this type. Just make darned sure there
is no way to feed it command line input that could allow a root exploit
of course. It can check whatever permissions like ownership of the
local console/display, membership in wheel, etc. are desired to restrict
usage to only some users itself. Maintaining rules in sudoers is less
packagable even now that there is a /etc/sudoers.d directory to dump
fragments into.