[X-Unix] App launched by my crontab runs as root if Login Window!

Alexandre Gauthier supernaut at underwares.org
Mon Jun 6 12:20:07 PDT 2005


Alexandre Gauthier wrote:

> Eric F Crist wrote:
>
>> ~flipper wrote:
>>
>>> Brian Medley wrote:
>>>
>>>>> So, with 'root' disabled. (a misnomer, since root is not enabled in
>>>>> the first place, having no password, no shell default, no console
>>>>> access, etc)...
>>>>>
>>>>> try using sudo to cd your way into /private/var/root
>>>>>
>>>>> let me know how you do.
>>>>
>>>> cd is a shell builtin.  sudo has no way to run this as any user.
>>>
>>> What's up? Sarcasm detector wasn't working, eh? My point was that 
>>> with root disabled (in its standard-shipped Unix default), the
>>> presence of 'sudo' is NOT de facto evidence of a root account having 
>>> been enabled (at any time), as was alluded to in the OP. It's merely 
>>> an escalation to admin (or a sort of 'super' admin status), in that 
>>> there are still operations that sudo won't allow.
>>>
>>> If a root account is enabled, and I log in as root, I can go
>>> anywhere on the computer (into 'my' 'root' 'home', into other
>>> accounts, etc). But with no root enabled, there are 'walls'...sudo, 
>>> or no sudo.
>>>
>>> brian s
>>> _______________________________________________
>>> X-Unix mailing list
>>> X-Unix at listserver.themacintoshguy.com
>>> http://listserver.themacintoshguy.com/mailman/listinfo/x-unix
>>>
>> If I'm not mistaken, root disabled or not, you can still sudo su -
>> and go wherever you want to.
>>
> You are right. I was about to mention -- with sudo you run whatever you
> run as root. Nothing stops you from running a login shell as root :) It
> is not merely "some sort of escalation" but rather, you just plain run
> the command as uid 0. Try touching a file through sudo and tell me to
> whom it belongs...
>
Errr, replying to myself is extremely bad practice, I know, please don't 
shoot my kneecaps, I still need them.

I just want to add that I am not denying that sudo isn't de facto
evidence that root is enabled, though.
Just pointing out that all sudo does is run the program you specify as 
root, uid 0.

*protects his kneecaps as he slowly walks away*

-- 
Alexandre Gauthier
supernaut at underwares.org

underwares.org
Obscure IT knowledge Open Database

The human brain operates at only 10% of its capacity. The rest is overhead for the operating system.


