I have a script that can only run successfully with root permissions

But in development it's really hard to run with root permissions (in my development environment), so I add 'sudo' whenever it's required inside the code and remove it before I push changes to production.

Obviously this is not a good practice since eventually a 'sudo' would slip in.

So I wonder what are the security risks of leaving it right there?

Ezra

2 Answers


The security risks are in the sudoers file.

If the sudoers file restricts the users to only safe operations and is either passwordless or requires a password every time, there is no danger.

This means that the actions performed under sudo must be safe and free from exploits like shell injection, alias or path attacks, and buffer overrun.

Where practical, instead grant group permissions to the users, e.g. group "dialout" for serial ports, group "lp" for parallel ports, "audio" for sound devices, "adm" if you need to read the logs, etc.

Jasen

Although I agree that this answer is the correct one, I think the part of "actions performed under sudo must be safe and free from exploits" should be highlighted since this is the most critical part of the message. Personally, I do not understand why people are over-using sudo. It violates the basic security principles: you should be able to drop privileges, but you should not be able to escalate them. I wrote an article re: risks of sudo, so if you are interested in the topic it may be worth reading it: http://dmitry.khlebnikov.net/2015/07/should-we-use-sudo-for-day-to-day.html – galaxy Jul 18 '15 at 11:57
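The following is an added example, not code from the question or from either answer. It illustrates two things from this thread: the question's worry that a 'sudo' slips into production code, and the answer's point that whatever runs under sudo must be free of shell injection. The helper names (priv_prefix, unsafe_run, safe_run, injected, find_hardcoded_sudo, make_sample_script), the allow-sudo marker comment, and the sample script being scanned are all constructed for illustration; the injection comparison runs under plain sh rather than sudo, because the parsing is the same either way and it can then be observed without privileges.

```shell
#!/bin/sh
# Added example (not from the question or the answers). Assumptions: POSIX sh,
# a writable temp directory for mktemp, and hypothetical helper names.

# 1. Decide once whether a privilege prefix is needed, instead of writing
#    'sudo' into individual lines of the script. Takes the uid as an argument
#    so the logic can be exercised without being root. Prints nothing for
#    uid 0 and "sudo" otherwise; use it unquoted:
#        PRIV=$(priv_prefix "$(id -u)"); $PRIV somecommand
priv_prefix() {
    if [ "$1" -eq 0 ]; then printf ''; else printf 'sudo'; fi   # allow-sudo
}

# 2. The answer's "shell injection" risk, shown without sudo: the parsing is
#    identical under sudo, only the damage differs. unsafe_run splices caller
#    data into a command string that a second shell re-parses, so the data
#    becomes code; safe_run hands the data over as a positional parameter,
#    which is never re-parsed.
unsafe_run() { sh -c "printf '%s\n' $1"; }
safe_run()   { sh -c 'printf "%s\n" "$1"' sh "$1"; }

# Returns 0 if running the given command form on its argument produced a
# line that is exactly INJECTED, i.e. the data was executed as code.
injected() { "$@" | grep -qx 'INJECTED'; }

# 3. A pre-push gate for "eventually a sudo would slip in": print every
#    non-comment line of a script that invokes sudo as a whole word, except
#    lines marked allow-sudo. Returns 1 when something was found, 0 if clean.
find_hardcoded_sudo() {
    if grep -nE '(^|[^[:alnum:]_])sudo([^[:alnum:]_]|$)' "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | grep -v 'allow-sudo'; then
        return 1
    fi
    return 0
}

# Constructed sample script (not a real project file) to exercise the gate:
# line 5 is the slipped-in sudo; line 2 is a comment and line 6 contains
# "sudo" only inside a longer word, so neither should be reported.
make_sample_script() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#!/bin/sh
# restart helper; sudo is only mentioned in this comment
PRIV=$(priv_prefix "$(id -u)")
$PRIV systemctl restart myservice
sudo cp myservice.conf /etc/myservice/   # slipped in during development
sudoers_path=/etc/sudoers
EOF
    printf '%s\n' "$f"
}

# Usage demonstration on the constructed sample.
sample=$(make_sample_script)
find_hardcoded_sudo "$sample" || echo "hard-coded sudo found in $sample"
rm -f "$sample"
```

In use, a script would call priv_prefix once at the top and nothing else in it would name sudo, so find_hardcoded_sudo can run as a commit or pre-push hook and fail on anything that slipped in. The safe_run form is the one to keep for any command that takes caller-supplied data, with or without a privilege prefix.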

If someone who does not understand your script runs it as a normal user, leaving these 'sudo's inside would give them the illusion that your script cannot do anything only a root user can while it actually can.

Ezra