[juneau-lug] Re: visudo

  • From: James Zuelow <e5z8652@xxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Mon, 02 Feb 2004 20:15:32 -0900

On Sun, 01 Feb 2004 11:10:11 -0900
Jamie <jamie@xxxxxxxxxxxxxxxxx> wrote:

> James, thanks for the better answer, but could you explain that a
> little more?  How is a file (this file) being edited insecure?  It
> creates an insecure temporary copy in a public directory?  Or can a
> non-privileged user gain access to another user's memory?  Where
> does the risk come from?
> 
> Thanks,
> -Jamie
> 

The risk comes from a savvy user knowing that root is editing or will
edit /etc/sudoers, and hijacking the temp files used by common
editors.  Apparently some editors use predictable temp file names, or
else allow multiple simultaneous edits of the file.  Visudo makes sure
that the file is properly locked and not being edited.  How to
actually do any of these attacks is beyond my knowledge - I've never
actually tried to do that to myself.  It is probably a worthwhile
project, as I'm starting to write more scripts that use temporary
files here and there.

From the man page:

       visudo edits the sudoers file in a safe fashion, analogous to vipw(8).
       visudo locks the sudoers file against multiple simultaneous edits,
       provides basic sanity checks, and checks for parse errors.  If the
       sudoers file is currently being edited you will receive a message to
       try again later.

Cheers,

James

------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.
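
An added example, not part of the original message and not sudo's own code: one way a script can get the properties discussed above (an exclusive lock, an unpredictable private temp file, a sanity check before the change goes live). The function name `safe_edit` and its three arguments are hypothetical.

```shell
#!/bin/sh
# Constructed example: lock, edit a private copy, validate, then swap.
# Usage: safe_edit TARGET EDIT_CMD CHECK_CMD   (hypothetical interface)
safe_edit() {
    target=$1 edit_cmd=$2 check_cmd=$3
    lock="$target.lock"
    dir=$(dirname "$target")

    # Atomic lock: with noclobber (set -C) the redirect opens with O_EXCL,
    # so it fails if another edit holds the lock or the file already exists.
    if ! ( set -C; echo "$$" > "$lock" ) 2>/dev/null; then
        echo "$target busy, try again later" >&2
        return 2
    fi

    # mktemp chooses an unpredictable name and creates the file exclusively
    # with mode 0600, beside the target instead of in a shared /tmp.
    tmp=$(mktemp "$dir/.edit.XXXXXXXX") || { rm -f "$lock"; return 1; }

    result=1
    if cp "$target" "$tmp" && $edit_cmd "$tmp" && $check_cmd "$tmp"; then
        # rename within one directory is atomic: readers see old or new,
        # never a half-written file. The new file keeps mktemp's 0600 mode;
        # set the owner and mode the target needs before this step.
        mv "$tmp" "$target" && result=0
    fi
    rm -f "$tmp" "$lock"
    return $result
}
```

A lock left behind by a killed process has to be removed by hand; the PID written into it shows who created it.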
