Sudo from scripts
Patrick O'Callaghan
pocallaghan at gmail.com
Tue Nov 18 16:19:14 UTC 2008
On Tue, 2008-11-18 at 09:39 -0600, Mikkel L. Ellertson wrote:
> Patrick O'Callaghan wrote:
> >
> > The ability to do what? Give root ownership to a script? It is
> > unchanged. Once again: only root can change ownership.
> >
> > In any case, the owner of the script is only security-relevant in two
> > cases: 1) if it allows someone to edit the script who normally couldn't,
> > or 2) if the script is setuid. Of course it could also change who can
> > *execute* the script, but if it's not setuid they'll be doing it as
> > themselves, not as the owner.
> >
> Does setuid work on scrips? I know it did not in the past, but I
> have not checked to see if that has changed.
Quite right, it doesn't. I should have spotted that.
It doesn't affect the argument though.
poc
More information about the fedora-list
mailing list