On Fri, Jul 06, 2001 at 09:43:55AM -0500, Nathan E Norman wrote:
>
> OTOH if you restrict the user to a list of commands in /etc/sudoers,
> it's wise to consider whether the user might be able to leverage one of
> those commands to edit /etc/sudoers (or any other file). If you're
> going to list "emacs" or "vi" in /etc/sudoers, you might as well just
> list "ALL" :)

or even seemingly innocuous things like less or even cat.

sudo less anything
!/bin/sh
whoami
r00t!

echo me ALL=ALL > s
sudo 'cat s >> /etc/sudoers'

sudo is a very large cannon which is difficult to keep aimed away from
the foot...

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
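
An added example, not part of the original message or of sudo itself: a small Python audit that flags sudoers grants of the commands named in this thread (emacs, vi, less, cat, and ALL). It assumes a simplified sudoers grammar (one host spec per line, no commas inside the Runas list, no #include handling); `audit`, `RISKY` and the `SAMPLE` fragment are constructed for illustration.

```python
import re

# Basenames named in the thread above; extend the map for your own hosts.
RISKY = {
    "emacs": "editor: can write any file and spawn a shell",
    "vi": "editor: can write any file and spawn a shell",
    "less": "pager: '!' runs a shell as the target user",
    "cat": "reads any file as the target user",
}
RUNAS = re.compile(r"^\([^)]*\)\s*")     # (root), (ALL:ALL)
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...

# Constructed sudoers fragment (not from the page).
SAMPLE = """\
Defaults env_reset
Cmnd_Alias VIEWERS = /usr/bin/less, /bin/cat
alice ALL=(root) /usr/bin/vi /etc/hosts, /usr/sbin/service nginx reload
bob   ALL=(root) NOPASSWD: VIEWERS
carol ALL=(root) /usr/bin/apt-get update, \\
                 /usr/sbin/service ssh restart
me    ALL=ALL
"""

def audit(text):
    """Return (user, command, reason) for every risky grant in sudoers text."""
    aliases, findings = {}, []
    text = re.sub(r"\\\n", " ", text)            # join continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # assumption: '#' starts a comment
        alias = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if alias:
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
            continue
        if "=" not in line or re.match(r"Defaults|\w+_Alias\b", line):
            continue
        left, right = line.split("=", 1)
        user = left.split()[0]
        for spec in right.split(","):
            spec = TAGS.sub("", RUNAS.sub("", spec.strip()))
            for cmd in aliases.get(spec, [spec]):
                if not cmd or cmd.startswith("!"):   # empty or negated entry
                    continue
                base = cmd.split()[0].rsplit("/", 1)[-1]
                if cmd == "ALL":
                    findings.append((user, cmd, "unrestricted: any command"))
                elif base in RISKY:
                    findings.append((user, cmd, RISKY[base]))
    return findings

if __name__ == "__main__":
    for user, cmd, reason in audit(SAMPLE):
        print(f"{user}: {cmd} -> {reason}")
```

The basename match is deliberately coarse: a hit means the entry needs a human review of what that command can read, write or execute as the target user, not that the grant is automatically wrong.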