On 21/07/2015 00:24, Mick wrote:
> On Monday 20 Jul 2015 22:50:31 Walter Dnes wrote:
>> On Mon, Jul 20, 2015 at 06:49:00PM +0100, Mick wrote
>>
>>> This is all good and dandy, but letting user "nobody" read your
>>> mail account passwd may not be the safest approach to sending email
>>> messages from your machine.
>>
>>   I think you missed the point.  The "NOPASSWD:" option means that this
>> one particular user "nobody" ***DOES NOT NEED THE ROOT PASSWORD*** to
>> execute this one particular command which normally requires "root" level
>> privileges.  I repeat, it has no need for the password.  
> 
> I have not missed the point you are raising.  My concern was that "nobody" is 
> a user account without a login shell, to which you give access to a user file 
> that has a login shell and in particular to a file that contains the email 
> account passwd of that user.
> 
> Given that public servers and daemons often run as nobody:nogroup I would be 
> cautious about this.  I do not have an exact script in mind which could 
> potentially cause privilege escalation, but someone more skilled than I in
> the dark arts could well do.
> 


The main danger in that scenario (there are several) is that the shell
script can be suspended (Ctrl-Z) or offer a means to escape to a shell.
Do that, be root.

A good rule of thumb is to only put compiled programs into sudoers,
never scripts or wrappers. It is very very hard to write a script that
disables all those nasty features that made scripts so useful and friendly.

-- 
Alan McKinnon
alan.mckin...@gmail.com
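
The rule of thumb in the message above, turned into a check (an added example, not part of the original thread): it reads sudoers-style lines and reports whether each NOPASSWD command is a compiled ELF binary or a script. The group/world-writable check goes one step beyond the message; the rule lines, file names and the `audit_sudoers` helper are constructed for illustration.

```python
import os, re, stat, tempfile

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)$")

def classify(path):
    """Classify a command target by its first bytes: elf, script, other, missing."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "missing"
    if head == b"\x7fELF":
        return "elf"
    return "script" if head[:2] == b"#!" else "other"

def audit_sudoers(text):
    """Return (user, path, kind, loosely_writable) for each NOPASSWD command.

    Only the simple 'user host = (runas) NOPASSWD: cmd, cmd' form is parsed;
    aliases, includes and continuation lines are out of scope here.
    """
    findings = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        user, cmds = m.groups()
        for cmd in filter(None, (c.strip() for c in cmds.split(","))):
            path = cmd.split()[0]          # drop any fixed arguments
            kind = classify(path)
            mode = os.stat(path).st_mode if kind != "missing" else 0
            loose = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
            findings.append((user, path, kind, loose))
    return findings

def demo():
    """Constructed sample: one shell wrapper and one ELF-looking stub in a temp dir."""
    d = tempfile.mkdtemp()
    script, binary = os.path.join(d, "sendmail-wrapper.sh"), os.path.join(d, "mailer")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\nexec /usr/bin/true\n")
    with open(binary, "wb") as fh:
        fh.write(b"\x7fELF" + b"\0" * 12)
    os.chmod(script, 0o775)   # group-writable: the group can change what root runs
    os.chmod(binary, 0o755)
    rules = f"nobody ALL = (root) NOPASSWD: {script} --queue\nnobody ALL = NOPASSWD: {binary}\n"
    return [(u, os.path.basename(p), k, w) for u, p, k, w in audit_sudoers(rules)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Any row whose kind is not `elf`, or whose last field is `True`, is an entry to review before it stays in sudoers.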

