From: John Levon <levon@mo...> - 2002-01-11 20:03:07
On Fri, Jan 11, 2002 at 03:40:22PM +0100, Philippe Elie wrote:
> > > > +o whitelist op_start parameters so at least sudo oprof_start should be safe ...
> > >
> > > what do you mean by this ? I've used sudo oprof_start quite often,
> > > and it seemed to be fine.
> > as in more secure. Right now a malicious hacker could probably have some
> > real fun with setting vmlinux file to
> > ; /bin/rm -rf /
> > or similar. There's no real hope of op_start being safe ever, but we should be
> > able to get oprof_start as a limited access thing.
> I prefer to make nothing rather than to provide a false security (even it it
> is documented) sudo is dangerous because we start script from oprof_start
> and there is nothing we can make against that. Just provide in doc a small
> comment on how to sudo it but let's the user make itself...
there IS something we can do about that, namely my TODO item above.
sudo op_start will always be insecure, sudo oprof_start not necessarily so.
"They're all fools. Don't worry. Darwin may be slow, but he'll eventually get
- Matthew Lammers
Get latest updates about Open Source Projects, Conferences and News.