[Gambas-user] su command
Rob
sourceforge-raindog2 at ...94...
Thu Apr 10 20:27:31 CEST 2008
On Thursday 10 April 2008 13:15, Demosthenes Koptsis wrote:
> 'in order to run a su command we create a temp file named
> tmpFile0 in /tmp directory
> 'with the root password writed in it.
This is a really terrible idea, security-wise, and I hope you don't
distribute this software too much because it will cause a race
condition that would easily be exploited by malware. You should set
up /etc/sudoers and use sudo.
As for getting the password with "0</tmp/filename", maybe SuSE's su
implementation reads the password from stdin and Mandriva's forces
the use of a tty, which wouldn't work with redirection like that.
Rob
More information about the User
mailing list