Mailing Lists: Apple Mailing Lists


Re: Problems 'su'ing into the root user



On Aug 22, 2006, at 9:29 AM, John Mundt wrote:

On Aug 21, 2006, at 10:45 PM, Ansgar -59cobalt- Wiechers wrote:
- sudo (by default) works one-command-at-a-time, making the user think a little harder before issuing root commands, hopefully avoiding possibly fatal errors.
- since sudo doesn't (by default) generate an actual shell, you can't easily drop into it and walk away, allowing a potential security breach.

sudo /bin/sh

gives a very nice root shell....

Part of this boils down to using the facilities given, rather than making up your own.


'sudo -s' does exactly what 'sudo /bin/sh' does, but by using the facility that's built in to the sudo tool, there may (or, hell, may not) be extra benefits. I've never personally audited the 'sudo' code, but I can guarantee you that - if there are any at all - invoking the shell explicitly will bypass any extra benefits that may (or may not) be present.

sudo -s : might provide you with extra protection.
sudo /bin/sh : definitely will not.
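
An added example, not part of the thread or any poster's code: with sudo's default logging, both `sudo /bin/sh` and `sudo -s` leave a single `COMMAND=` entry naming the shell, and nothing typed inside that shell is logged per command. The Python sketch below flags those entries; the log lines, host name and user names are constructed, and the layout assumed is sudo's default syslog format.

```python
import os
import re

# Constructed sample lines in sudo's default syslog layout (not from the thread).
SAMPLE_LOG = """\
Aug 22 09:29:01 xserve sudo:    alice : TTY=ttyp1 ; PWD=/Users/alice ; USER=root ; COMMAND=/bin/sh
Aug 22 09:30:12 xserve sudo:      bob : TTY=ttyp2 ; PWD=/Users/bob ; USER=root ; COMMAND=/bin/bash
Aug 22 09:31:40 xserve sudo:    carol : TTY=ttyp3 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/tail -n 20 /var/log/system.log
Aug 22 09:33:05 xserve sudo:     dave : TTY=ttyp4 ; PWD=/Users/dave ; USER=root ; COMMAND=/bin/sh -c /usr/local/bin/rotate-logs
Aug 22 09:35:47 xserve sudo:    alice : TTY=ttyp1 ; PWD=/Users/alice ; USER=admin ; COMMAND=/bin/zsh
Aug 22 09:36:02 xserve sudo:      eve : 1 incorrect password attempt ; TTY=ttyp5 ; PWD=/Users/eve ; USER=root ; COMMAND=/bin/sh
"""

SHELLS = {"sh", "bash", "zsh", "csh", "tcsh", "ksh"}
ENTRY = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")

def parse_entry(line):
    """Return (user, notes, fields, argv), or None for a non-sudo line."""
    m = ENTRY.search(line)
    if not m:
        return None
    # COMMAND= is the last field and may itself contain " ; ", so cut it first.
    head, _, command = m.group("rest").partition("COMMAND=")
    parts = [p.strip() for p in head.split(" ; ") if p.strip()]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    notes = [p for p in parts if "=" not in p]  # e.g. failed-auth messages
    return m.group("user"), notes, fields, command.split()

def is_interactive_shell(argv):
    """True when argv starts a shell with no command string or script operand."""
    if not argv or os.path.basename(argv[0]) not in SHELLS:
        return False
    if any(not a.startswith("-") for a in argv[1:]):
        return False  # a script path or other operand was given
    return not any("c" in a for a in argv[1:] if not a.startswith("--"))

def root_shell_sessions(log_text):
    """List (user, shell) for each granted sudo run that opened a root shell."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        user, notes, fields, argv = entry
        if notes or fields.get("USER") != "root":
            continue  # denied attempt, or the target user is not root
        if is_interactive_shell(argv):
            hits.append((user, argv[0]))
    return hits
```

Calling `root_shell_sessions(SAMPLE_LOG)` reports the two granted root shells and skips the one-shot `-c` command, the non-root target and the failed password attempt.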

Macos-x-server mailing list      (email@hidden)