On Thu, Jul 30, 2015 at 12:40:33AM +0200, Didier Kryn wrote:
> I don't understand the preventions against sudo. It is just up to the
> administrator to take care, like for everything.
>
> Whether execution of the command is allowed by sudo, by a setuid bit or
> by policykit does not change the result. Sudo is simply the most versatile
> method to allow/disallow actions, IMHO far easier to configure than
> policykit. Don't forget that allowed commands may (should) be specified with
> their absolute path, therefore bypassing PATH. It is better than having a
> specialized daemon for this and that, because it keeps everything configured
> in one well known file.
>
> In the case of mounting usb sticks, this applies to a personal computer,
> where the owner is also the administrator. For convenience, a limited list
> of actions may be allowed without password, like mounting a usb key.
I'm not sure where in the discussion this fits, but I thought I'd mention it here:

Permitting all mount invocations via sudo does have a potential security hole if your mount implementation supports FUSE, as you can run an arbitrary command by specifying the mount type. I don't think that sudo does the necessary steps to block this.

If you use a wrapper script, you can make it automatically determine the type and run ntfs-3g if appropriate, then allow sudo to run that. If you use a C wrapper, you can do that and make it suid.

HTH,
Isaac Dunham

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
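An added example of the wrapper approach Isaac describes; it is not code from the thread or from any Devuan/Dng project, and the script name `mount-usb`, the mount base `/media/usb`, the filesystem allow-list and the sudoers line are all assumptions. The point it demonstrates is that the caller only ever supplies a device node: the wrapper probes the filesystem type itself with `blkid`, accepts only types on a fixed allow-list, and never passes a caller-chosen `-t` to mount, so a sudo rule for this one script does not become a rule for "any mount type".

```shell
#!/bin/sh
# mount-usb: hypothetical wrapper (added example, not from the thread).
# Intended to be the ONLY mount-related command granted via sudo, e.g. a
# sudoers line such as (assumed path):
#   alice ALL=(root) NOPASSWD: /usr/local/sbin/mount-usb
# The caller supplies a device node only. The filesystem type comes from
# blkid and must be on ALLOWED types below; everything is mounted with
# nosuid,nodev,noexec so the stick cannot carry setuid binaries or devices.

set -eu

MOUNT_BASE=/media/usb   # assumption: per-device mount points live here

# Accept only partition nodes on removable-style disk names, nothing else
# (no symlinks, no paths with spaces or shell metacharacters).
validate_device() {
    case "$1" in
        /dev/sd[a-z][0-9]|/dev/sd[a-z][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Map a probed filesystem type onto the exact command we are willing to run.
# Args: type uid gid. Prints the command prefix (device and mount point are
# appended by the caller); returns 1 for any type not on the allow-list,
# which is what stops a FUSE or otherwise unexpected type from being used.
mount_command_for() {
    case "$1" in
        vfat)  echo "mount -t vfat -o nosuid,nodev,noexec,uid=$2,gid=$2" ;;
        exfat) echo "mount -t exfat -o nosuid,nodev,noexec,uid=$2,gid=$3" ;;
        ext4)  echo "mount -t ext4 -o nosuid,nodev,noexec" ;;
        ntfs)  echo "ntfs-3g -o nosuid,nodev,noexec,uid=$2,gid=$3" ;;
        *)     return 1 ;;
    esac
}

main() {
    [ $# -eq 1 ] || { echo "usage: mount-usb /dev/sdXN" >&2; exit 2; }
    dev=$1
    validate_device "$dev" || { echo "refusing device: $dev" >&2; exit 1; }
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; exit 1; }

    # sudo exports the invoking user's ids; fall back to root when run directly.
    uid=${SUDO_UID:-0}
    gid=${SUDO_GID:-0}

    fstype=$(blkid -o value -s TYPE "$dev")
    cmd=$(mount_command_for "$fstype" "$uid" "$gid") \
        || { echo "unsupported filesystem type: ${fstype:-unknown}" >&2; exit 1; }

    mnt="$MOUNT_BASE/$(basename "$dev")"
    mkdir -p "$mnt"
    # $cmd is a fixed string from our own table, so word splitting is safe.
    $cmd "$dev" "$mnt"
}

# Only act when installed and invoked as the mount-usb script; when this
# file is sourced or run under another name the functions are just defined.
case "${0##*/}" in
    mount-usb) main "$@" ;;
esac
```

Install it root-owned and not writable by the user, and grant sudo for that absolute path only; the allow-list and the `nosuid,nodev,noexec` options are the parts a practitioner would adjust to local policy.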