Re: [Exim] Root is user in Envelope

Author: dman
Date:  
To: Exim Users Mailing List
Subject: Re: [Exim] Root is user in Envelope
On Mon, Jan 14, 2002 at 02:16:21PM -0500, Greg A. Woods wrote:

| The usual problems with having multiple superuser accounts is that
| there's really only one from the kernel's perspective (user-names are
| not used in the kernel, only the magic number zero),


This is a problem not only with UID '0', but with any UID. If you
want to see this in action, make two entries in /etc/passwd with 2
unique names and 1 UID. Make the first name "name1" and the second
"name2".

Now use 'visudo' to give "name2" the right to run some command as
another user. Log in as "name2", run "sudo <command>" and you will be
told that "name1" doesn't have permission.

What happened? Sudo can call a function and find out the uid of the
user who ran it. Then it reverses that to a name (and gets the first
one in /etc/passwd) and looks to see if that user is allowed to
execute the requested command.

I know this because I tried it once :-).

-D

--

No harm befalls the righteous,
but the wicked have their fill of trouble.
        Proverbs 12:21
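
The reverse lookup described in the message above, as an added example that is not part of the original post and is not sudo's own code: it parses a constructed passwd sample, resolves a UID to the first matching name, and lists every UID shared by more than one name. The `allowed_by_name` check and its set of permitted names are hypothetical stand-ins for a name-based rule.

```python
# Constructed sample: two account names sharing UID 1001, as in the message.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
name1:x:1001:1001::/home/name1:/bin/sh
name2:x:1001:1001::/home/name2:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

def parse_passwd(text):
    """Return (name, uid) pairs in file order; skip blank, comment and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def uid_for_name(entries, name):
    """Forward lookup: the UID a login name maps to, or None."""
    return next((uid for n, uid in entries if n == name), None)

def name_for_uid(entries, uid):
    """Reverse lookup as a flat-file scan does it: the first matching entry wins."""
    return next((n for n, u in entries if u == uid), None)

def shared_uids(entries):
    """Audit helper: map each UID used by several names to those names, in file order."""
    by_uid = {}
    for name, uid in entries:
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def allowed_by_name(entries, login_name, permitted_names):
    """Hypothetical name-based rule check. A running process carries only a UID,
    so the name compared against the rule is the reverse-lookup result."""
    resolved = name_for_uid(entries, uid_for_name(entries, login_name))
    return resolved, resolved in permitted_names

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print("shared UIDs:", shared_uids(entries))
    print("name2 checked as:", allowed_by_name(entries, "name2", {"name2"}))
```

Running `shared_uids` over the real /etc/passwd contents is a quick audit for accounts whose name-based rules and log entries will be attributed to a different name.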