Hi Jaromil!

Jaromil wrote on 29/07/2015 at 19:44 CEST:
> [...] how I do it now? hardcode every single binary that sudo is allowed to execute, full path and locations that are only root writable. that's a sudoers feature...
This is how I personally see it: In an ideal environment, there would be *no* things done during regular use of a personal computing device that required administrative permissions.

Inversion of argument: The more operations occurring during regular operation of a system require administrative rights, the more flawed the system is, be it because it has a wrong concept of what "administrative" is or because it fails to secure its operation properly, and thus, to gain plausible deniability, confronts the user with "this is dangerous, enter a superuser password, abandon all hope" in trivial usage scenarios (see also note [1] for an example).

Having said that, I agree that attaching ephemeral, untrusted storage media into the filesystem hierarchy is a security-critical operation. Doing so must be performed as consciously as possible, security implications must have been considered and precautions must have been taken.

In the light of this, isn't it preferable to have this system behavior of "automounting" performed by a dedicated service that manifests itself as an unmistakably perceivable process instead of burying it in some cryptic XML or Javascript configuration of a policy management subsystem?

And, you may disagree, but sudo to me is "a rootshell where every commandline is prefixed with the string 'sudo '". Is that a better solution?

Kind regards,
T.

Note [1]: Example: Installing new software via "packages" requires superuser permissions, because all those packages are entangled into one big bulk of a system called the "distribution", and messing with what's installed voids the warranty. ;-)

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
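As an added example (not code from this thread or from either poster), a small Python audit of a sudoers fragment against the practice Jaromil describes: every allowed command must be one absolute path, and both the binary and its directory must be root-owned and writable by nobody else. The sudoers parsing is a deliberately minimal assumption of this example: aliases are not resolved, and only plain `user host = (runas) TAG: cmd, cmd` rules are read.

```python
# Added example: audit a sudoers fragment for "full path, root-writable-only"
# command entries. Minimal parser (assumption): no alias resolution, no
# line continuations; Cmnd_Alias/Defaults/etc. lines are skipped.
import os
import re
import stat

# "user host = (runas) rest"; the (runas) part is optional.
_RULE = re.compile(r"^\s*(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
_TAGS = ("NOPASSWD:", "PASSWD:", "NOEXEC:", "SETENV:")
_SKIP = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")
_WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def _commands(rhs):
    """Split 'NOPASSWD: /a/b, /c/d arg' into the command words ['/a/b', '/c/d']."""
    cmds = []
    for spec in rhs.split(","):
        for tag in _TAGS:
            spec = spec.replace(tag, "")
        words = spec.split()
        if words:
            cmds.append(words[0])
    return cmds


def audit_sudoers(text, root_uid=0):
    """Return a list of (user, command, problem) findings for a sudoers fragment."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith(_SKIP):
            continue
        m = _RULE.match(line)
        if not m:
            continue
        user, rhs = m.group(1), m.group(2)
        for cmd in _commands(rhs):
            if cmd == "ALL":
                findings.append((user, cmd, "ALL: equivalent to an unrestricted root shell"))
            elif not cmd.startswith("/") or any(c in cmd for c in "*?[]"):
                findings.append((user, cmd, "not a single absolute path"))
            elif not os.path.exists(cmd):
                findings.append((user, cmd, "path does not exist"))
            else:
                # Both the binary and its directory must be root-owned and
                # not writable by group/other, or the rule can be hijacked.
                for p in (cmd, os.path.dirname(cmd)):
                    st = os.stat(p)
                    if st.st_uid != root_uid:
                        findings.append((user, cmd, f"{p} not owned by uid {root_uid}"))
                    if st.st_mode & _WRITE_BY_OTHERS:
                        findings.append((user, cmd, f"{p} writable by group/other"))
    return findings
```

Run it with `root_uid=0` against a copy of the real file; the test below uses the current uid only because it builds its fixture as an unprivileged user.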