[ale] Sudo

Michael B. Trausch fd0man at gmail.com
Wed May 18 21:44:48 EDT 2005


Jim Popovitch wrote:
> On Wed, 2005-05-18 at 20:08 -0400, Michael B. Trausch wrote:
> 
>>Jim Popovitch wrote:
>>
>>>That is not.... oh nevermind, it's obviously not worth even trying to
>>>explain.  
>>>
>>>Sorry dude, you are out in left field,
>>>
>>
>>That is the solution to the question you posted.
>>
>>If you want the shell to learn then add the source to do so and submit
>>the patch back to the GNU project.  However, it's a means of introducing
>>a security flaw, as the rest of the world would see it, and would be
>>misused, and they'd probably not include it in the next release... but
>>you can try.
> 
> 
> You CLEARLY don't understand what I was asking.  Please re-re-read.
> 
> -Jim P.
> 

Okay... I'll take this in little baby steps for you:

> > Several times in the (still going)
> > setuid/viral/malware/root/non-root/etc discussion people have mentioned
> > using sudo.  One of the things I've always disliked about sudo is the
> > need for me to have to preface some commands I want to run as su vs
> > which I don't.  What I mean is as a user if I want to run "ifconfig eth
> > mtu 1149", I need to actually run "sudo ifconfig eth0 mtu 1149", but if I
> > want to just see what the MTU is for interface eth0 I don't need sudo.
> > What I think would be neat is for bash (or other shells) to remember
> > sudo commands that users run and to automatically invoke sudo the next
> > time I run the command without it.  Knowing when to use sudo is not the
> > issue here, having sudo know when it is needed is.

The issue that you're talking about is that you want bash - or another
shell - to remember that you used sudo when you executed a command.  So,
instead of:

	$ ifconfig eth0 192.168.0.100 [...]

It would be:

	$ sudo ifconfig eth0 192.168.0.100 [...]

How *smart* do you think this could *possibly* be?  There's a reason
that you have to explicitly specify that you want root privilege.  Are
you truly that lazy?

In addition, giving sudo the intelligence to look at a command line and
go, "Oooh, I'm needed to make this command succeed," is also playing
with fire.  At worst, you're talking about implementing it with a hash
table, and perhaps learning from repeated execution.  However, this
flies in the face of everything that has anything to do with the Unix
philosophy.

Want that functionality in sudo?  Fork it and create a new program with
a different name so that people who would think it is evil and
unwarranted (which it is) can not be tricked into using it and
consequently grepping the source to remove that "functionality".

	- Mike

-- 
Michael B. Trausch                               <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!
