FS#35376 - [pacman] Strategically poor to require sudo rights for rm rather than paccache.sh
Attached to Project:
Pacman
Opened by John (graysky) - Monday, 20 May 2013, 10:39 GMT
Last edited by Dave Reisner (falconindy) - Monday, 20 May 2013, 12:32 GMT
Opened by John (graysky) - Monday, 20 May 2013, 10:39 GMT
Last edited by Dave Reisner (falconindy) - Monday, 20 May 2013, 12:32 GMT
|
Details
If I understand the way paccache is working, a user running
`paccache -vrk 2` does so and if candidate packages are
found, the script will attempt to use /usr/bin/rm to remove
them. The act of doing so requires the user to have sudo
privilege escalation to /usr/bin/rm rather than on
/usr/bin/paccache which can be a security risk if it is
desired to grant the user the ability to only run
/usr/bin/paccache but not /usr/bin/rm which could be
accidentally or deliberately abused.
For example in /etc/sudoers one could grant user foo access to run paccache: foo ALL=NOPASSWD:/usr/bin/paccache That is very different from: foo ALL=NOPASSWD:/usr/bin/rm Apologies in advanace if I am missing something. |
This task depends upon
Closed by Dave Reisner (falconindy)
Monday, 20 May 2013, 12:32 GMT
Reason for closing: Won't fix
Additional comments about closing: Working as intended
Monday, 20 May 2013, 12:32 GMT
Reason for closing: Won't fix
Additional comments about closing: Working as intended
Comment by Allan McRae (Allan) -
Monday, 20 May 2013, 10:42 GMT
Just run paccache under sudo then..
Comment by John (graysky) - Monday,
20 May 2013, 10:56 GMT
Senior-moment I suppose; probably safe to close this one.