PerlMonks
Re^2: semi secure sudo script to allow restricted copy ability

by 5mi11er (Deacon)
on May 06, 2008 at 17:22 UTC (#685005)


in reply to Re: semi secure sudo script to allow restricted copy ability
in thread semi secure sudo script to allow restricted copy ability

Access control is the job of the operating system, and should stay there.
- Point taken; you are correct. However sudo's job is specifically to get around those restrictions...

Thus far, I've been able to ignore the fact that ACLs are available under Linux, and the client has a history (policy?) of not installing SELinux, so I have no experience with either of those yet. But, yes, it would be a good idea for me to learn about them.

Thanks,

-Scott


Re^3: semi secure sudo script to allow restricted copy ability
by moritz (Cardinal) on May 06, 2008 at 17:42 UTC
    - Point taken; you are correct. However sudo's job is specifically to get around those restrictions...

    ... which is why you have to be extremely careful with sudo. You either allow only trusted users to use sudo (which is a very common case if you have multiple admin accounts) or you only allow a handful of select programs, presumably programs that you know very well.

    Unix has just one line of defense between malicious local users and system administration: file permissions. These file permissions (and the code that checks them) have been developed and improved for over a decade. To think you can do better in a short Perl script is a good example of hubris - in this case a very dangerous case.

    If your script allows an attacker to break that single line of defense, it will be easy to break the rest of your system. That's why you shouldn't try to circumvent file permissions, but adapt them to your needs.

    This was just a small rant to convince you not to do anything foolish with sudo. If you are still convinced that you want to use sudo, the usual hints apply (most of them are usually quoted in the context of web applications; the Perl-specific ones can be found in perlsec): use strict input checking. Use taint mode. Use whitelisting instead of blacklisting. Test your restrictions.

      I've already been down that road of not wanting to do something foolish, but I'm at odds with what I want to accomplish, the desire to have SOME semblance of security, (as I said, true security is already blown out of the water) and the tools I have available to solve the problem.

      I'm well aware of the arguments against doing this, I'm having those same conversations with myself, but I have a goal to reach, and security is currently standing between me and that goal...

      Whitelisting is what I'm planning to use.

      -Scott
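The hints moritz gives (taint mode, strict input checking, whitelisting instead of blacklisting) and the whitelisting approach Scott says he plans to use, put together in one script. This is an added example and is not Scott's script or any code from this thread. It assumes the allowed directories `/srv/exports` and `/home/deploy/incoming`, an install path of `/usr/local/sbin/rcopy`, and a sudoers entry that grants exactly that one command; all three are assumptions for illustration.

```perl
#!/usr/bin/perl -T
# Hypothetical restricted-copy wrapper, intended to be the ONLY command the
# user may run through sudo, e.g. (assumed sudoers line):
#   deploy ALL=(root) NOPASSWD: /usr/local/sbin/rcopy
# Added example; not the script discussed in the thread.
use strict;
use warnings;
use File::Copy qw(copy);
use File::Spec;
use File::Basename qw(fileparse);
use Cwd qw(realpath);

# perlsec: under -T, clear the environment the caller controls before anything
# that could consult it.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Whitelist of directories this script may read from / write to (assumed).
my @SRC_DIRS = ('/srv/exports');
my @DST_DIRS = ('/home/deploy/incoming');

die "usage: $0 SRC DST\n" unless @ARGV == 2;
my ($src_arg, $dst_arg) = @ARGV;

# Untaint by accepting only a whitelist of characters and shapes: absolute
# path, no component starting with '-', no '..' component. Anything else is
# rejected rather than "cleaned up" (whitelisting, not blacklisting).
sub untaint_path {
    my ($p) = @_;
    return unless defined $p
        && $p =~ m{\A(/[A-Za-z0-9._][A-Za-z0-9._-]*(?:/[A-Za-z0-9._][A-Za-z0-9._-]*)*)\z};
    my $clean = $1;    # captured match is untainted
    return if grep { $_ eq '..' } File::Spec->splitdir($clean);
    return $clean;
}

# A resolved path must sit under one of the allowed roots. Comparing the
# realpath() result (not the user's string) means a symlink planted inside an
# allowed directory cannot redirect the copy at /etc/shadow or ~root/.ssh.
sub under_allowed {
    my ($real, @roots) = @_;
    for my $r (@roots) {
        my $rr = realpath($r) or next;
        return 1 if $real eq $rr || index($real, "$rr/") == 0;
    }
    return 0;
}

my $src = untaint_path($src_arg) // die "rejected source path\n";
my $dst = untaint_path($dst_arg) // die "rejected destination path\n";

# Source: must exist, be a regular file, and resolve inside the whitelist.
# The realpath() output is pushed back through untaint_path() so that a
# resolved name with characters outside the whitelist is refused too.
my $src_real = untaint_path(realpath($src)) // die "source does not exist or has an unacceptable name\n";
die "source is not a regular file\n" unless -f $src_real;
die "source is a symlink\n" if -l $src;
die "source outside allowed directories\n" unless under_allowed($src_real, @SRC_DIRS);

# Destination: the file may not exist yet, so resolve its directory instead,
# and refuse to write through a symlink at the final component.
my ($dst_name, $dst_dir) = fileparse($dst);
my $dst_dir_real = untaint_path(realpath($dst_dir)) // die "destination directory does not exist\n";
die "destination outside allowed directories\n" unless under_allowed($dst_dir_real, @DST_DIRS);
die "refusing to write through a symlink\n" if -l $dst;
my $target = "$dst_dir_real/$dst_name";

copy($src_real, $target) or die "copy failed: $!\n";
chmod 0640, $target      or die "chmod failed: $!\n";
print "copied $src_real -> $target\n";
```

Two things to test once this is in place, per the "test your restrictions" hint: run it with `../` components, a leading `-`, shell metacharacters, and a symlink inside the allowed source directory pointing outside it, and confirm each is refused; and check the sudoers rule itself, since a rule that grants `perl` or a shell rather than this single script makes every check in the file irrelevant.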
