[Ilugc] Re: Execting commands as different user
- From: srivasta@xxxxxxxxxx (Manoj Srivastava)
- Date: Wed Jan 24 11:05:29 2007
On Wed, 24 Jan 2007 07:49:37 +0530 (IST), Sivaram Kannan said:
sudo is the best answer, of course. But before hard coding
passwords in an expect script, I would write a C program that execs
/bin/ls, and make the resulting program suid. Less of a security
hole.
to make it more genenric, pass the program as a command line
argument.
I deliberately did not suggest that, since that is a great big
gaping security hole., You might as well remove the password
requirement for the user, since anyone can then run any command as a
user -- including, but not restricted to, /bin/sh
Do not do this.
manoj
--
HOST SYSTEM RESPONDING, PROBABLY UP...
Manoj Srivastava <srivasta@xxxxxxx> <
http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Other related posts: