On 26/01/2023 11:04, Greg Wooledge wrote:
> On Thu, Jan 26, 2023 at 10:26:34AM +0700, Max Nikulin wrote:
>> Greg, I agree with your warnings. Just out of curiosity, is there a reason
>> why the following variant may still be unsafe?
>>
>> runas() { local who=$1; shift; su --login "$who" --shell=/bin/bash --command='"$0" "$@"' -- "$@"; }
>
> 1) http://jdebp.info/FGA/dont-abuse-su-for-dropping-privileges.html

Greg, thank you for the link. Actually I use su namely to create a PAM
session, e.g. to get a shell inside a container using "lxc-attach -n
container ... -- su - user" (when there is no point in using ssh). setpriv
is likely not an option in such a case. Mostly I use sudo. Sometimes I use
the trick with positional arguments passed to "sh -c", but I have never
combined it with su before.

> 3) --command='"$0" "$@"' is ... very unintuitive, even for an experienced
> shell user.
...
> su "$who" -c '"$@"' -- x "$@"

To get a meaningful command name in ps output, perhaps it is better to use
something like

su "$who" -c '"$@"' -- su-bash "$@"

(or "su-$SHELL" that still may not be precise). Repeating $1 is likely
worse, since the process is the shell, not the passed command.

su "$who" -c '"$@"' -- "$1" "$@"

> Can't say
> I've ever seen su contortions like this before.

I have an idea what should be referred to as a real abuse of su. Do not
do it, it is just a joke. However, it allows one to avoid issues with spaces
and other shell specials in arguments.

runas() { local who=$1; exe="$(type -P "$2")"; shift 2; su - "$who" -s "$exe" -- "$@"; }