ADSM-L

Re: Shared Memory Question

1999-07-21 02:57:06
Subject: Re: Shared Memory Question
From: Michael Abel <Michael.Abel AT RESNOVA DOT DE>
Date: Wed, 21 Jul 1999 08:57:06 +0200
Richard,

from the security point of view I agree, but there are many "only-user" AIX
installations (at least that's what we see every day) which don't have a
C-Compiler licensed and which don't have the skills to compile a complex
solution like sudo for themselves. And of course they cannot "verify" the
C-source because it's like a strange Bavarian dialect to them...

So there is a risk (but life is a risk itself, eh?) and if possible one may
follow your recommendation and check & compile the code by itself.

To come back to the thread itself: I only wanted to point out that there is
something like sudo - where you get it and how you use (or compile) it: I'll
leave that up to those interested in the tool.

Regards,
Michael

Richard Sims <rbs AT BU DOT EDU> on 20.07.99 18:18:48

Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>

To: ADSM-L AT VM.MARIST DOT EDU
cc: (bcc: Michael Abel/resnova)
Subject: Re: Shared Memory Question

>why reinvent the wheel? - if you need access to root privileges and
>you want to control them on a per command and per user basis: use sudo.
>sudo is available on http://www.bull.de/pub/ as a precompiled binary
>in AIX-software format (lpp). So download, install and go.

Whoa!  By all means use sudo as a user-specific way of permitting
superuser execution of some programs.  But NEVER grab a program of
this type off the net as a binary and simply run it, particularly
if it's granting root access such as this one is.  You don't know
what's in a binary, or who might have deposited it on the web site
(including those who break into web sites and deposit "interesting"
binaries for the unsuspecting to download).  Get the source code,
see what's in it, and then compile that for your system so that
you know what you're dealing with and be assured that it's compiled
for the specifics of your system...particularly when such programs
get near the kernel.  Think security, as well as function.
   Richard Sims, BU