Your point is well taken, and I agree. My point really was that with sudo
you can control how the user, albeit the average user, uses a program and it
will create a log of all invocations of the command. This, in my opinion,
is much better than just setting a program setuid root.
Now if there are some underlying issues with the program, that could
exploited, your no better off with sudo than just setting it setuid. Once
they have root they can "fix" any logs that would have indicated they had
run said program via sudo.
I think a lot of this depends on the environment the system is running in
and the level of security paranoia required for that environment.
diana
-----Original Message-----
From: Neulinger, Nathan [mailto:nneul@xxxxxxx]
Sent: May 17, 2001 8:04 AM
To: 'Eichert, Diana'; 'Peter Kjellerstedt '; ''Guy Harris' '; 'Cameron
Kerr '
Cc: 'cody '; 'Ethereal-users@xxxxxxxxxxxx '
Subject: RE: [Ethereal-users] Run as root not as any other user
Sudo in this case doesn't gain you anything other than the control of WHO
can run it. Any time you allow a non-root user to run a command as root that
isn't written to be safely run setuid (which is what sudo is doing) - you're
basically opening yourself up to that non-root user having full access to
the machine.
You're not understanding the dangers of setuid if you think that sudo is
more secure in this case than just making ethereal itself setuid with proper
group permissions.
The ONLY safe way to do this is to run a program as root that is DESIGNED to
be run as root - such as by doing the absolute minimum as root and then
dropping perms, or by being securely written and relying only on securely
written toolkits.
-- Nathan