[fpc-pascal] shell script with root rights and automatic password
Jonas Maebe
jonas.maebe at elis.ugent.be
Mon Dec 7 08:38:28 CET 2015
Rainer Stratmann wrote:
> What works is an entry in the sudoers file.
> And then the program/script you can call with root rights.
I hope this is for something that will only ever run on your own
machine, because unless you take a lot of precautions (hardcoding a set
of *absolute* paths to scripts that may be executed this way like
Michael mentioned can help, but only if you can guarantee none of these
locations can be overwritten, symlinked to somewhere else or substituted
through mounting), this is a security disaster waiting to happen.
A lot of security holes in various Unix-like OSes happen through abuse
of setuid helpers or helper programs executed as root. If you really
need to do something as root, having a small setuid binary that can only
do this one thing is much safer than invoking a general purpose shell
that can do anything. You can find a very basic overview of some issues
at
https://developer.apple.com/library/mac/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html.
If everything mentioned there isn't completely obvious to you, please do
not distribute any program that invokes shell scripts as root before you
familiarise yourself very thoroughly with security at the Unix/shell
level. And even if it is, ask yourself whether there is no safer way to
achieve the same results.
Jonas
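
As an added example (not part of the original message), one way to audit the precaution described above: walk every component of a hardcoded absolute script path and report any that a non-root user could overwrite or that is a symlink. The function names and sample paths are hypothetical, root-only trust (uid 0) is an assumption, and the check is a point-in-time audit that does not detect substitution through mounting.

```python
import os
import stat
from types import SimpleNamespace

def component_problems(st, trusted_uids=(0,)):
    """Reasons a non-root user could replace or redirect this path component."""
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]  # link mode bits mean nothing; hardcode the target
    problems = []
    if st.st_uid not in trusted_uids:
        problems.append(f"owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems

def audit_path(path, lstat=os.lstat, trusted_uids=(0,)):
    """Check '/' and each component of an absolute path; return (prefix, problem) pairs."""
    parts = path.split("/")
    if not path.startswith("/") or "." in parts or ".." in parts:
        return [(path, "not a plain absolute path")]
    findings, prefixes = [], ["/"]
    for part in filter(None, parts):
        prefixes.append(os.path.join(prefixes[-1], part))
    for prefix in prefixes:
        try:
            st = lstat(prefix)  # lstat, so a symlink is reported rather than followed
        except OSError as exc:
            findings.append((prefix, f"cannot stat: {exc.strerror}"))
            break
        findings.extend((prefix, p) for p in component_problems(st, trusted_uids))
    return findings

# Constructed metadata (hypothetical paths, not from the original message) for an offline run.
SAMPLE = {
    "/": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0),
    "/opt": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0),
    "/opt/helper.sh": SimpleNamespace(st_mode=stat.S_IFREG | 0o755, st_uid=0),
    "/opt/app": SimpleNamespace(st_mode=stat.S_IFDIR | 0o775, st_uid=1000),
    "/opt/app/helper.sh": SimpleNamespace(st_mode=stat.S_IFREG | 0o755, st_uid=0),
    "/bin": SimpleNamespace(st_mode=stat.S_IFLNK | 0o777, st_uid=0),
}

def sample_lstat(path):
    if path not in SAMPLE:
        raise FileNotFoundError(2, "No such file or directory")
    return SAMPLE[path]

if __name__ == "__main__":
    for p in ("/opt/helper.sh", "/opt/app/helper.sh", "/bin", "helper.sh"):
        print(p, audit_path(p, lstat=sample_lstat) or "ok")
```

On a real system, call `audit_path` with its default `os.lstat` for each path listed in the sudoers entry; a root-owned script inside a directory owned by another user, as in the second sample path, is still replaceable by that user.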