CooperLinuxfan.com

• Next message: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Previous message: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• In reply to: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Next in thread: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Reply: Cooper: "Re: [RFC] environment sanitisation wrapper"
• Reply: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sean Hunter wrote:
>
> As such, I have found it useful to alias "sudo" to set up a known
> path, then run the real "sudo" from my safe_env wrapper. You could
> just use "env -", but some environment vars are worth keeping IMO.

I don't think this approach will work because once someone figures out
which sudo is actually run you're still in for a rough ride. This
approach looks to me like a plain security through obscurity thing which
as many people know simply doesn't work in the end.

Now from what little I know of SuDo I understand that you use it to
allow users to run programs with root privilleges. What I would suggest
is that you let sudo run the requested programs via the wrapper instead
of the sudo binary itself. By doing that you can even tailor the
environment to the specific service you intend to start...

When replying, please keep in mind that I'm not familiar with SuDo...
Thanks.

Cooper

-- 
If you can read this you're probably not dead yet.
	- Johnny The Homicidal Maniac 7 -

• Next message: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Previous message: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• In reply to: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Next in thread: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Reply: Cooper: "Re: [RFC] environment sanitisation wrapper"
• Reply: Sean Hunter: "Re: [RFC] environment sanitisation wrapper"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]