Fwd: Ethereal in the Background
- Subject: Fwd: Ethereal in the Background
- From: Nathan <email@hidden>
- Date: Fri, 14 Apr 2006 21:40:51 -0600

On 14 Apr 2006 14:40:56 -0700, Randal L. Schwartz <email@hidden> wrote:
> >>>>> "Hemant" == Hemant Shah <email@hidden> writes:
>
> Hemant> Why allow all commands to run without password. Just allow ethereal to
> Hemant> run without password:
>
> Hemant> username ALL= (root) NOPASSWD: /path/to/ethereal
>
> However, I believe ethereal can be told to launch child processes, or reads
> publicly-placed files for configuration, such as which plugins to add. So in
> this case, your change has the *appearance* of additional safety, and in fact,
> has no additional safety whatsoever.

As long as we're debating technicalities, it does in fact provide
_some_ "additional safety". You can no longer simply 'sudo passwd
root' or 'sudo chmod -R 777 /', for example. You would instead
(assuming you knew that ethereal was in sudoers) need to figure out
some way to exploit the above-mentioned flaws first. I absolutely
agree that it's not to be considered bullet-proof, but in practical
terms, it's head and shoulders above the first solutions in terms of
security. If you've ever actually _tried_ to exploit something in
such a way (and perhaps you have), then you know how maddening it can
be to actually break through...not that I...uh, ever...um...never
mind. :-)
~ Nathan
X11-users mailing list (email@hidden)
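
Added example, not part of the thread and not code from any of the posters: a Python audit of sudoers text that separates the two rule shapes debated above (NOPASSWD for everything versus NOPASSWD for one binary). It goes beyond the thread by also checking whether the permitted binary or any parent directory is writable by someone other than the trusted owner. The names `RULE`, `SAMPLE`, `weak_link`, `audit`, `trusted_uid` and `stop` are assumptions made for this example, and the first `SAMPLE` line is constructed.

```python
import os
import re
import stat

# Rule shape quoted in the thread: "user host = (runas) NOPASSWD: cmd[, cmd]"
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)$")

# Constructed sample: the broad rule and the narrowed rule being compared.
SAMPLE = """\
username ALL=(ALL) NOPASSWD: ALL
username ALL= (root) NOPASSWD: /path/to/ethereal
"""

def weak_link(path, trusted_uid=0, stop="/"):
    """Walk from path up to stop. Return the first component not owned by
    trusted_uid or group/world-writable (another user could replace it)."""
    path, stop = os.path.realpath(path), os.path.realpath(stop)
    while True:
        st = os.stat(path)
        if st.st_uid != trusted_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return path
        if path == stop or path == os.path.dirname(path):
            return None
        path = os.path.dirname(path)

def audit(sudoers_text, trusted_uid=0, stop="/"):
    """Return (user, command, finding) for each NOPASSWD command."""
    findings = []
    for line in sudoers_text.splitlines():
        m = None if line.lstrip().startswith("#") else RULE.match(line.strip())
        if not m:
            continue  # comments and rules that still require a password
        user, cmds = m.groups()
        for cmd in (c.strip() for c in cmds.split(",")):
            if cmd == "ALL":
                finding = "unrestricted: any command without a password"
            else:
                try:
                    bad = weak_link(cmd.split()[0], trusted_uid, stop)
                    finding = (f"replaceable via {bad}" if bad else
                               "one command: review what it can spawn or load")
                except OSError:
                    finding = "path not found on this host"
            findings.append((user, cmd, finding))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep=" | ")
```

A clean result for the narrowed rule only says the binary cannot be swapped out; what the program itself spawns or loads as root still has to be reviewed by hand.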