Q: A question of security vulnerability

Jim Choate ravage at einstein.ssz.com
Thu May 8 19:34:15 PDT 2003

Given a basic Linux (or *nix) system with a user bob. Assume that bob has
sudo capability. There are two approaches (I'm not going to use exact

1.	bob	sh

2.	bob	All

So, in the first case bob can:  sudo sh -c "foo"

and in the second bob can: sudo foo

Why would the first approach represent a more secure mechanism?

It is true that sh could be a wrapper or have sticky bits, etc. We'll
assume these are not an issue. The point being why is running a program
directly as root in this manner less secure than running the program
through a shell as root?

Example? Explanation?



      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org

More information about the Testlist mailing list