>>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
Ethan> On Sat, Jul 07, 2001 at 02:10:09AM +0100, Eric E Moore wrote: >> I would be very shocked if you could compromise a system with a >> sudoers entry of: me hostname = (root) /bin/cat Ethan> i would not, being able to read every file on the system, even Ethan> if you can't write is going to lead to compromise sooner or Ethan> later. ok, I *should* have said that it would not give any vulnerabilities other than those granted by being able to read any file on the system. Unexpected compromises, I guess is what I meant, of the nature that putting less in the sudoers file would provide. Ethan> sudo is a very large cannon which is difficult to keep aimed Ethan> away from the foot... >> That it is. But then, the root password is basically a very large >> cannon built into your shoe. Ethan> i would not go that far. Ok, the amount of aiming away from your foot that you can do with giving someone priveleges by giving them the root password is a proper subset of the aiming away from your foot that you can do when granting priveleges through sudo. -Eric
