Best way to gain root privileges

Ricardo Aráoz ricaraoz at gmail.com
Fri Feb 18 15:04:18 CET 2011


On 17/02/2011 06:46 p.m., Steven D'Aprano wrote:
> On Thu, 17 Feb 2011 19:44:20 +0000, Katie T wrote:
>
>> Running any kind of script sudo'd is a bad idea, it's very very hard (in
>> many cases impossible) to do securely. Root permissions in general
>> should only be used for what they're needed for and nothing else (that
>> means getting the permission, doing the stuff that needs to be done as
>> root, and then returning back to normal privs), anything else is just
>> asking for trouble.
> I agree with your general point, but the specific point to avoid running
> scripts with sudo? Are you sure you're not conflating sudo with setuid?
> By my reading, sudo is far preferred over running scripts setuid root.
>
> Linux, for example, simply will not run scripts setuid root because of
> the security risk, while running things using sudo is considered best
> practice, and much preferred over logging in as root. The idea of sudo is
> to do exactly what you say: doing the stuff needed as root with elevated
> permission, then returning to normal.

Maybe this is a bit OT, as it involves the OS and security system, but 
considering the general knowledge assembled in this list and that it is 
related to the thread.......

I've always asked myself why can't a program be used by users of a 
certain group but run with the privileges of some other user, not 
necessarily the one that uses it, but one created specifically for the 
tasks the program is responsible for.

AFAIK in Linux a program will only run with the privileges of the user 
who runs it.
But I can see no reason (other than it is not actually permitted by the 
OS) that a program can't run with it's *own* privileges. Many a time I 
have wanted to allow access to certain privileges to a user but *only* 
through a program. As far as security is concerned it would be enough 
that only root has permission to give the said program running 
privileges (privileges different from those of the user that is actually 
running it), that only allowed users may modify the program, and that 
*other* users may only run it. This would address the issue of someone 
modifying the program to gain access to it's privileges. Now, if someone 
is able to gain illegal privileges to modify the program, then there 
*is* a security hole and the program is not really the problem.

Am I misinformed and you can actually do this in Linux? Am I being naive 
security wise?







More information about the Python-list mailing list