On Tue, Feb 27, 2007 at 04:17:10AM +0100, Curt Manucredo wrote:
> i could never imagine that it is possible to call a command and then
> have root rights for it, without authenticating on the system with a
> password. so i thought a daemon running as root might solve that problem
> (which i thought it does exist) ;-). but since today i can not imagine
> how sudo is doing that - it might be very difficult to explain since i
> couldn't find an explanation on the net.
> so, how is sudo doing this auth-job, even with no
> password-verification. how does sudo treat the system?

/etc/sudoers tells sudo who is allowed to do what, who needs to give a password or not, and so on.

The 'sudo' command itself is a setuid binary, which means that even when run as an ordinary user, the program has the rights of its owner -- in this case root -- and can therefore do anything that root can do.

Yes, exploitable setuid programs are a big security risk. But they're invaluable in cases like sudo.

- Matt
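
The setuid rule described in the reply above, as an added example that is not part of the original message: a simplified C model of how the setuid bit selects a program's effective UID, plus a check that inspects a binary on disk. All function names and the default path /usr/bin/sudo are assumptions; the model ignores nosuid mounts and similar kernel restrictions.

```c
/* Added example: the setuid rule from the reply, modelled and checked in C. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective UID a process gets when `caller` executes a file with this mode
 * and owner. Simplified model: ignores nosuid mounts and no_new_privs. */
uid_t euid_after_exec(mode_t mode, uid_t file_owner, uid_t caller)
{
    return (mode & S_ISUID) ? file_owner : caller;
}

/* 1 if the permission bits and owner describe a setuid-root file. */
int is_setuid_root(mode_t mode, uid_t file_owner)
{
    return (mode & S_ISUID) != 0 && file_owner == 0;
}

/* 1 if a setuid-root file is also group- or world-writable, a
 * misconfiguration worth flagging in an audit. */
int is_writable_setuid_root(mode_t mode, uid_t file_owner)
{
    return is_setuid_root(mode, file_owner) &&
           (mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Inspect a file on disk: -1 if it cannot be examined or is not a regular
 * file, otherwise 1 for setuid-root and 0 for anything else. */
int report(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    printf("%s: mode %04o, owner uid %d, runs with euid %d for uid %d\n",
           path, (unsigned)(st.st_mode & 07777), (int)st.st_uid,
           (int)euid_after_exec(st.st_mode, st.st_uid, getuid()), (int)getuid());
    return is_setuid_root(st.st_mode, st.st_uid);
}

int main(int argc, char **argv)
{
    /* /usr/bin/sudo is an assumed default location, not taken from the page. */
    const char *path = argc > 1 ? argv[1] : "/usr/bin/sudo";
    printf("real uid %d, effective uid %d\n", (int)getuid(), (int)geteuid());
    if (report(path) < 0)
        fprintf(stderr, "%s: not an accessible regular file\n", path);
    return 0;
}
```

Run as an ordinary user, the program prints identical real and effective UIDs for itself, while the report line for a setuid-root binary shows the effective UID that binary would run with.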