On Friday 01 April 2011 08:21 AM, Binand Sethumadhavan wrote:
> 2011/3/31 Ronygnulinuxist@gmail.com:
>> I had to put everything in a root owned container and the sudoers file was edited to allow the user only this particular command as root. Thus all data was root owned and inaccessible to the user.
>
> This is almost always a bad idea. There are any number of possible attacks - path based, file redirection based etc. - that are possible with this. For example, how does the "streamer" program work - does it overwrite the file specified by -o? In that case, what will happen if I do this first:
>
> ln -s /etc/passwd ./binand.jpeg
>
> and run your script?

How would you create a script for a user that creates and updates files but does not allow the user to edit them later? Any idea is welcome.
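
An added example, not part of the thread or of the script being discussed: one way a privileged wrapper can create or update an output file without following a symlink planted at the output name, which is the case raised in the quoted reply. It assumes the wrapper is written in Python on Linux and that the output directory is root-owned and not writable by the calling user; `safe_write` and `demo` are hypothetical names, and the victim file in `demo` is a constructed stand-in.

```python
import os
import secrets
import tempfile

def safe_write(out_dir, name, data, mode=0o644):
    """Create or update out_dir/name without following a symlink at name."""
    # Accept a bare file name only: no directories, no "." or "..".
    if name in ("", ".", "..") or "/" in name or "\0" in name:
        raise ValueError("output name must be a plain file name")
    # Pin the directory by descriptor; refuse if out_dir itself is a symlink.
    dir_fd = os.open(out_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        tmp = ".tmp-" + secrets.token_hex(8)
        # O_EXCL fails if anything, a symlink included, already has this name.
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     mode, dir_fd=dir_fd)
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(data)
            # rename(2) swaps the directory entry: a symlink at the
            # destination is replaced and its target is never opened.
            os.rename(tmp, name, src_dir_fd=dir_fd, dst_dir_fd=dir_fd)
        except BaseException:
            try:
                os.unlink(tmp, dir_fd=dir_fd)
            except FileNotFoundError:
                pass
            raise
    finally:
        os.close(dir_fd)

def demo():
    """Constructed scenario: a symlink already sits at the output name."""
    with tempfile.TemporaryDirectory() as work:
        victim = os.path.join(work, "victim.txt")  # stand-in for a system file
        with open(victim, "w") as f:
            f.write("original\n")
        out_dir = os.path.join(work, "out")
        os.mkdir(out_dir)
        link = os.path.join(out_dir, "binand.jpeg")
        os.symlink(victim, link)
        safe_write(out_dir, "binand.jpeg", b"image bytes")
        with open(victim) as f:
            victim_after = f.read()
        with open(link, "rb") as f:
            written = f.read()
        return victim_after, os.path.islink(link), written

if __name__ == "__main__":
    print(demo())
```

Files written this way stay owned by the account the wrapper runs as, so with mode 0644 in a root-owned directory the user can read them but not edit them afterwards.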