-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-Type: text/plain; charset=us-ascii
In message <[EMAIL PROTECTED]>, Ted Cabeen writes: >In message <[EMAIL PROTECTED]>, Mike Renfro writes: >>> A lazy sysadmin, not thinking through the ramifications, might put >>> things like "/usr/bin/vi /etc/aliases" in the sudoers file, thinking >>> that it limits access. But of course, vi has the ":e" command... >> >>and it looks like nvi still supports the secure options mentioned >>there. > >Vim also supports something similar, either by prepending r to the executable >name (rvim) or adding the -Z flag. However, thinking about it, this doesn't work. If you're editing as root, you can use :e to switch to editing a SUID root file (any one you can write to will work), delete the entire contents, and then use :r to bring in the /bin/sh executable. You'd need an editor that couldn't edit binary files to prevent this attack. - -- Ted Cabeen http://www.pobox.com/~secabeen [EMAIL PROTECTED] Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] "I have taken all knowledge to be my province." -F. Bacon [EMAIL PROTECTED] "Human kind cannot bear very much reality."-T.S.Eliot [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQE8BsLwoayJfLoDSdIRAqoVAJ9KXDHVefmPsbnKU63vjNbtpwdyWQCfXvI/ n0N0MbChXeou3l/Jj3JRqMM= =DucW -----END PGP SIGNATURE-----
