Linux: setuid programs without read permission

I have noticed that in all Linux systemsArchLinux*, certain setuid programs come with rather unusual permissions:

Asked by: Guest | Views: 31
Total answers/comments: 1
Guest [Entry]

I question your premise. Why should sudo be like su?

su only grants privs if you (a) already have them or (b) authenticate to get them.

sudo grants privs based on a rulebase; it can be told, for example, to grant root privs to 'joe' any time joe asks, with no password needed. "man sudoers" - it's quite powerful.

So sudo has the capability to do things su can't do.

One could stomp on the sudo executable in such a way as to make it always grant root to anyone who asked - ignoring the sudoers file and just using an internal "hardwiring" of sorts.

So it makes sense to protect it MORE than we need to protect su; it makes sense to make it very hard to read or write to the sudo executable itself.
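
An added example, not part of the original question or answer: a shell audit that lists setuid files under a directory and reports whether anyone other than the owner can read or write each one, which are the permission bits the answer argues should be locked down on the sudo executable. It assumes GNU `stat`; the function names `classify_mode` and `audit_setuid` are illustrative.

```shell
#!/bin/sh
# Audit setuid executables: who besides the owner can read or write them?

# classify_mode OCTAL_MODE
# Takes a mode as printed by `stat -c %a` (e.g. 4111, 4755) and prints
# whether group/other hold read or write bits on a setuid file.
classify_mode() {
    m=$((0$1))                      # leading 0 makes the shell parse octal
    if [ $((m & 04000)) -eq 0 ]; then
        echo "not-setuid"
        return 0
    fi
    if [ $((m & 0044)) -ne 0 ]; then r=yes; else r=no; fi   # group/other read
    if [ $((m & 0022)) -ne 0 ]; then w=yes; else w=no; fi   # group/other write
    echo "nonowner-read=$r nonowner-write=$w"
}

# audit_setuid DIR
# Prints one tab-separated line per setuid regular file under DIR:
# mode, owner, classification, path. Stays on one filesystem (-xdev).
audit_setuid() {
    find "$1" -xdev -type f -perm -4000 \
        -exec stat -c '%a %U %n' {} + 2>/dev/null |
    while read -r mode owner path; do
        printf '%s\t%s\t%s\t%s\n' \
            "$mode" "$owner" "$(classify_mode "$mode")" "$path"
    done
}

# Run a scan only when asked, e.g.:  sh audit.sh --scan /usr/bin
if [ "${1:-}" = "--scan" ]; then
    audit_setuid "${2:-/usr/bin}"
fi
```

Any line reporting `nonowner-write=yes` is the case the answer warns about: a setuid binary that someone other than its owner could overwrite.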