Removable media security in FreeBSD
Jason Stone
freebsd-security at dfmm.org
Tue Jun 10 00:37:07 PDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> >> Allowing the user to use sudo would effectively be giving him/her root
> >> privileges, which we explicitly don't want to do.
> >
> >No it wouldn't. You can specify the commands that you allow each user to
> >run.
>
> Ah, but letting the user mount and unmount things effectively lets
> that person do anything he or she wants, by switching around what's
> mounted at key mountpoints.
No - in the sudo config you can (actually, _must_) specify not just the
command but (all) the arguments.
-Jason
--------------------------------------------------------------------------
Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
that he was insufficiently fondled when he was an infant.
-- Ashley Montagu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE+5YqgswXMWWtptckRAnP7AJ9jkM40BsuK/lrkUV34pHYAWjUnhwCffi+h
r7Y/LspVB3IzqJZsCr4ZSsk=
=ipU5
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list