>>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
Ethan> or even seemingly innocuous things like less or even cat.
Less is a problem, yes, as is anything else with a shell escape.
Ethan> sudo less anything
Ethan> !/bin/sh
Ethan> whoami
Ethan> r00t!
Ethan> echo me ALL=ALL > s
Ethan> sudo 'cat s >> /etc/sudoers'
Doesn't work. The >> is a shell redirection, but sudo doesn't
evaluate in a shell.
$ echo me ALL=ALL > s
$ cat s
me ALL=ALL
$ sudo 'cat s > foo'
sudo: cat s > foo: command not found
$ sudo cat s \> foo
me ALL=ALL
cat: >: No such file or directory
cat: foo: No such file or directory
I would be very shocked if you could compromise a system with a
sudoers entry of:
me hostname = (root) /bin/cat
Ethan> sudo is a very large cannon which is difficult to keep aimed
Ethan> away from the foot...
That it is. But then, the root password is basically a very large
cannon built into your shoe.
-Eric
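
One way to check a sudoers policy for the shell-escape problem discussed in this thread; this is an added example, not part of the original message or of sudo itself. It flags commands whose program has a built-in shell escape unless they run under sudoers' NOEXEC: tag, which stops the command from executing further programs. The ESCAPERS list, the function names and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Programs with a built-in shell escape. Constructed starting list, extend per site.
ESCAPERS="less more vi vim man"

# audit_sudoers [FILE...]: print "user: command" for each sudoers command whose
# basename is in ESCAPERS (or is ALL) and that is not under a NOEXEC: tag.
# Reads stdin when no file is given. Aliases are not expanded.
audit_sudoers() {
  awk -v list="$ESCAPERS" '
    BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
    /^[ \t]*#/ { next }                               # comments
    /^[ \t]*$/ { next }                               # blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }      # not user specifications
    {
      eq = index($0, "="); if (eq == 0) next
      user = $1; noexec = 0
      m = split(substr($0, eq + 1), cmds, ",")
      for (i = 1; i <= m; i++) {
        c = cmds[i]
        sub(/^[ \t]*\([^)]*\)/, "", c)                # drop runas, e.g. (root)
        while (match(c, /^[ \t]*[A-Z_]+:/)) {         # tags persist to later commands
          tag = substr(c, RSTART, RLENGTH); gsub(/[ \t]/, "", tag)
          if (tag == "NOEXEC:") noexec = 1
          if (tag == "EXEC:") noexec = 0
          c = substr(c, RSTART + RLENGTH)
        }
        sub(/^[ \t]+/, "", c); split(c, w, /[ \t]+/)  # w[1] is the command path
        path = w[1]; base = path; sub(/.*\//, "", base)
        if (!noexec && (base in risky || path == "ALL")) print user ": " path
      }
    }' "$@"
}

# Constructed sample policy, not taken from any real system.
sample_policy() {
  cat <<'EOF'
# constructed sample
me hostname = (root) /bin/cat
alice ALL = (root) /usr/bin/less /var/log/syslog, /bin/ls
bob ALL = (root) NOEXEC: /usr/bin/less, /usr/bin/vi, EXEC: /usr/bin/man
carol ALL = (ALL) ALL
EOF
}

sample_policy | audit_sudoers
```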