> On Wed, Aug 30, 2000 at 12:54:01PM -0500, Ben Luey wrote:
> > I want to allow anyone in group admin have read/write access to the global
> > fetchmailrc file -- if I change the perms on it to allow this, fetchmail
> > says this is a security problem and won't run (perms must be 700). Is
> > there a good way to give grou admin access with sudo -- I don't want to
> > add a line for "vi /etc/fetchmailrc" since that will cause vi to be run as
> > root and doesn't strike me as very secure. 
> 
> Maybe try "rvim /etc/fetchmailrc" ?  Rvim runs in a restricted mode that
> doesn't allow starting shell commands.  I'd still be a little leery
> of doing it, though.

As long as you can edit /etc/passwd (just take out the encrypted root
password or add a user with uid/gid of 0) you can root a system.  So any
suid program that can edit any file on the system has the potential to get
root, regardless of whether they can execute shell commands.

-R


---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
For additional commands, e-mail: tclug-list-help at mn-linux.org