Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Create a Sandbox for apps using folder actions' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create a Sandbox for apps using folder actions
Authored by: ptejad on May 27, '04 05:08:32PM

This is a BAD, BAD idea. If you change this script to give all of the files in the folder root:admin ownership, then everything will always run as root, WITHOUT asking for authentication. I know that's what he intends here, but again, this is a BAD idea.

You always want these things to ask for authentication so that you KNOW when a script or program has elevated priveleges.

This would be a perfect payload for the latest round of vulnerabilities to be able to gain root access and wipe you out completely.



[ Reply to This | # ]
Create a Sandbox for apps using folder actions
Authored by: anjoschu on May 28, '04 03:02:37AM

ptejad wrote:

If you change this script to give all of the files in the folder root:admin ownership, then everything will always run as root

I fully understand your concerns. That's why I warned in the notes:

Avoid using root or any admin as the user

ptejad wrote:

You always want these things to ask for authentication so that you KNOW when a script or program has elevated priveleges.

That's right IF you actually choose to ignore the warning and put in a root/administrator account. Actually the intended use of this hint is to run applications with lowered privileges.

ptejad wrote:

This would be a perfect payload for the latest round of vulnerabilities to be able to gain root access and wipe you out completely.

Sorry, but that's just not right. If you use the hint as recommended, you could actually increase your security by lowering the privileges of certain apps.

But you've got a point in that I probably didn't stress the importance of this enough, so let me repeat:

DO NOT ENTER ROOT OR ANY ADMIN USER OR GROUP IN THE SCRIPT

Thanks for pointing that out.



[ Reply to This | # ]