1 Apr
2011
1 Apr
'11
2:51 a.m.
2011/3/31 Rony gnulinuxist@gmail.com:
I had to put everything in a root owned container and the sudoer's file was edited to allow the user only this particular command as root. Thus all data was root owned and inaccessible to the user.
This is almost always a bad idea. There are any number of possible attacks - path based, fire redirection based etc. that is possible with this. For example, how does the "stramer" program work - does it overwrite the file specified by -o? In that case, what will happen if I do this first:
ln -s /etc/passwd ./binand.jpeg
and run your script?
Binand