From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.30)
	id 1B3bWw-0005EB-NR
	for qemu-devel@nongnu.org; Wed, 17 Mar 2004 08:56:22 -0500
Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.30)
	id 1B3bRE-0003ta-3P
	for qemu-devel@nongnu.org; Wed, 17 Mar 2004 08:50:59 -0500
Received: from [80.91.224.249] (helo=main.gmane.org)
	by monty-python.gnu.org with esmtp (Exim 4.30) id 1B3bPe-0003Rp-LT
	for qemu-devel@nongnu.org; Wed, 17 Mar 2004 08:48:50 -0500
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
	id 1B3bPY-0005Mh-00
	for <qemu-devel@nongnu.org>; Wed, 17 Mar 2004 14:48:45 +0100
Received: from 131.207.183.253 ([131.207.183.253])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <qemu-devel@nongnu.org>; Wed, 17 Mar 2004 14:48:44 +0100
Received: from ressu by 131.207.183.253 with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <qemu-devel@nongnu.org>; Wed, 17 Mar 2004 14:48:44 +0100
From: Sami Haahtinen <ressu@ressukka.net>
Date: Wed, 17 Mar 2004 15:48:40 +0200
Message-ID: <c39kvr$863$1@sea.gmane.org>
References: <200403161542.26268.jm@poure.com>
	<200403161616.09613.jm@poure.com>	<20040316183841.3c8c7ece.markus.niemisto@iki.fi>
	<20040317112747.077bcc0e.luca.ferroni@studio.unibo.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
In-Reply-To: <20040317112747.077bcc0e.luca.ferroni@studio.unibo.it>
Sender: news <news@sea.gmane.org>
Subject: [Qemu-devel] Re: Morphix booting in 1024x768 resolution and Win32
	questions
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://mail.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://mail.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://mail.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Luca Ferroni wrote:
> The problem of root execution is the script /etc/qemu-ifup which calls ifconfig
> It is not enough to set permissions 755 to this script
> You can use sudo, 
> 
> #!/bin/sh
> sudo /sbin/ifconfig $1 172.20.0.1
> 
> and put your user in /etc/sudoers file
> 
> user	ALL=(ALL) 	NOPASSWD: ALL

EEEEK!

Kids, never ever ever try this at home! You have just granted access to 
any account without any password to anyone who can access your account 
(read, someone who gets you to run a simple script or exploits the 
newest über exploit for the leet mailclient[tm] you were running)

Something that would be a bit more sane would read:
user ALL = NOPASSWD: /sbin/ifconfig

and for someone even more paranoid:
user ALL = NOPASSWD: /sbin/ifconfig tun*

please, do yourself a favour and use one of the above instead of 
granting access to all around the system. the password isn't really that 
much of a pain to write, and it provides security.

Regards, Sami