FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 11-19-2008, 12:54 AM
Matthew Miller
 
Default sudo and secure-path

On Tue, Nov 18, 2008 at 04:26:17PM -0500, Karlos Smith wrote:
> (https://bugzilla.redhat.com/show_bug.cgi?id=471603), *adding* /sbin
> /usr/sbin and /usr/local/sbin to the path when sudoing root makes sense,
> but hardcoding the path has messed me up. I have scripts that I allow
> non-root users to execute through sudo without a password, I don't put
> those scripts in any of the *bin dirs, but the script dir is in the
> users $PATH.
[...]
> And while it was possible for people to add to their path to work around
> the previous issue, I'm SOL, because there's no way to work around
> "secure-path".
> Is this really the right thing to do?

Yes. The tab-completion thing working is a side-effect -- the more important
thing is no surprises. How about a compromise -- add /usr/local/sbin to the
secure path?

--
Matthew Miller <mattdm@mattdm.org>
Senior Systems Architect
Cyberinfrastructure Labs
Computing & Information Technology
Harvard School of Engineering & Applied Sciences

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 11-19-2008, 01:23 AM
"Jon Stanley"
 
Default sudo and secure-path

On Tue, Nov 18, 2008 at 8:54 PM, Matthew Miller <mattdm@mattdm.org> wrote:

> Yes. The tab-completion thing working is a side-effect -- the more important
> thing is no surprises. How about a compromise -- add /usr/local/sbin to the
> secure path?

You can't be guaranteed that path is in fact secure. Lots of systems
mount /usr/local from somewhere outside of their domain of control,
and I don't want to blindly trust stuff in there.

Users have a PATH for a reason. Let them keep it.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 11-19-2008, 01:49 PM
Karlos Smith
 
Default sudo and secure-path

Jon Stanley wrote:
> On Tue, Nov 18, 2008 at 8:54 PM, Matthew Miller <mattdm@mattdm.org> wrote:
>
>
>> Yes. The tab-completion thing working is a side-effect -- the more important
>> thing is no surprises. How about a compromise -- add /usr/local/sbin to the
>> secure path?
>>
--secure-path wasn't added for security reasons as far as I can tell.
It was added so people could type "sudo ifconfig" instead of "sudo
/sbin/ifconfig".

So as it stands, we are saving people from occasionally having to type
'/sbin/', and forcing others to *frequently* type '/usr/local/sbin/'.
That's not a fair trade-off. But, I wouldn't complain if there were a
work around.

/usr/local/ isn't one of the paths I preserve across installs, so
adding /usr/local/sbin to the secure path wouldn't solve my problem
anyway (I make heavy use of ~/bin/).
>
> You can't be guaranteed that path is in fact secure. Lots of systems
> mount /usr/local from somewhere outside of their domain of control,
> and I don't want to blindly trust stuff in there.
>
I thought the whole point of /usr/local was for *locally* installed
programs.

OK from FHS2.3:
"The /usr/local hierarchy is for use by the system administrator when
installing software locally. [...]It may be used for programs and data
that are shareable amongst a group of hosts, but not found in /usr."

Seems odd to me. However /usr/local/sbin, is no *less* secure than
/usr/sbin!
/usr/sbin "should" be sharable
/usr/local/bin "may" be sharable

And btw /usr/local/sbin is in the default path for root in a default
install of Fedora, so it seems we already implicitly trust /usr/local/sbin.

Having said all that, I reiterate that adding /usr/local/sbin to the
secure-path, is a deficient workaround.
> Users have a PATH for a reason. Let them keep it.
>
Exactly. However, I see nothing wrong with *adding* /sbin /usr/sbin
and /usr/local/sbin when sudoing to root.
I don't mind making things easier, that's what a computer is for, but
removing functionality from experienced users, to add ease to newer
users is a bad idea.

--
Karlos Smith
Red Hat Global Services
kasmith@redhat.com
+1 361 649-6255 c.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 11-19-2008, 03:02 PM
Karlos Smith
 
Default sudo and secure-path

Karlos Smith wrote:
> --secure-path wasn't added for security reasons as far as I can tell.
> It was added so people could type "sudo ifconfig" instead of "sudo
> /sbin/ifconfig".
>
Quick Clarification: Yes the "--secure-path" was added to sudo as a
security feature. But it would appear that the main reason that
*security* feature was enabled in Fedora was for ease of use, *not*
security.

carry on...

--
Karlos Smith
Red Hat Global Services
kasmith@redhat.com
+1 361 649-6255 c.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 05:22 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org