From: M. S. <lm...@fe...> - 2006-02-07 18:08:17
Dear John,

Thank you for your quick reply. However, I must say I was quite sad with your aggressive reply.

Either way, I would just like you to take some web pages into consideration:

http://www.redhat.com/magazine/012oct05/features/oprofile/
http://devforums.amd.com/lofiversion/index.php/t359.html
https://www.redhat.com/archives/fedora-devel-java-list/2005-March/msg00117.html
https://uimon.cern.ch/twiki/bin/view/FIOgroup/LxbuildInfo
http://prospect.sourceforge.net/

"if use of oprofile is required: we need to give sudo access to the users to be able to start the profiling, so please give us the list of logins that need it"

PS: actually, you don't need to have "." in the administrator's path to exploit this :o)

PS2: I don't really understand your aggressive response. It is quite obvious that whoever did that opcontrol script tried to correct the security bug I mentioned by exporting a "safe" PATH on the script...(however...it should be about 2 lines sooner ;oP).

PS3: regarding the "it's nearly impossible to audit given it's a shell script", I must disagree. The fact that it is a script only makes the task a lot simpler.

PS4: as you can see, even an article on the official redhat site mentions the use of 'sudo'.

PS5: feel free to contact me if you need any help.

Best regards,
Luís Silva

Quoting John Levon <le...@mo...>:

> On Tue, Feb 07, 2006 at 12:00:21PM +0000, Luís Miguel Silva wrote:
>
>> This causes a security flaw (at least on your "opcontrol script").
>
> You're using sudo (a completely broken 'feature' in the first place).
> This problem is only a security flaw if you've decided to do this (or
> foolishly have "." in root's $PATH); we've never recommended sudo
> precisely because nobody has audited opcontrol (and it's near impossible
> to audit, given it's a shell script).
>
> That said, I wouldn't object to a patch to make it use /usr/bin/which if
> you're otherwise happy throwing around privilege to unaudited code.
>
> regards
> john
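The thread turns on when a privileged shell script fixes its PATH relative to its first command lookup. The sketch below is an added example, not opcontrol's code and not written by either correspondent: it sets a fixed search path before anything else runs and resolves helper tools only from that list. The directory list and the names `SAFE_PATH`, `harden_env` and `resolve_tool` are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration (not opcontrol's code): pin the search path before any
# external command is looked up, and resolve tools from trusted dirs only.

# Assumed list of root-owned system directories; adjust per distribution.
SAFE_PATH="/usr/sbin:/usr/bin:/sbin:/bin"

# Call this as the very first statement of a script that may run under sudo.
# Anything executed before it is still looked up via the caller's PATH.
harden_env() {
    PATH=$SAFE_PATH
    export PATH
    hash -r    # drop command locations cached under the old PATH
}

# resolve_tool NAME
# Prints the absolute path of NAME found in SAFE_PATH, ignoring $PATH.
# Exit status: 0 found, 1 not found, 2 rejected name (empty or contains "/").
# The body is a subshell so the IFS change cannot leak into the caller.
resolve_tool() (
    case $1 in
        ""|*/*) exit 2 ;;
    esac
    IFS=:
    for dir in $SAFE_PATH; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)
```

A script hardened this way would call `harden_env` first and then invoke helpers through the path returned by `resolve_tool`, so a directory prepended to the invoking user's PATH is never consulted.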