root password

James Wilkinson fedora at aprilcottage.co.uk
Wed Feb 8 20:49:59 UTC 2012


Steven Stern wrote:
> I keep meaning to edit the sudo config files to block things like
> 
>   sudo su -
>   sudo bash
> 
> but I get lazy. Someday, this will bite me in the ***.

Note for anyone considering this: it’s virtually impossible to make this
watertight, because there are too many ways for someone to get around
it.

For example, what happens if someone creates a bash script and then runs
it with sudo? Can people make sudo-run programs overwrite a program that
they can then run with sudo, or a program that root will run normally?
Can programs on the list be persuaded to run an editor or a shell?

You really need to start with a very short whitelist, and add to it as
required.

James.

-- 
E-mail:     james@ | It is a mistake to allow any mechanical object to realise
aprilcottage.co.uk | that you are in a hurry.
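As an added illustration of the point James makes (this is not code from the thread or from any Fedora project), a small Python checker that reads a sudoers-style fragment and flags the patterns he describes: a rule that grants ALL and then subtracts commands, negated entries generally, and whitelisted programs that are shells or can spawn one. The sample fragment and the command categories are assumptions constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sudoers fragment for this example (not from the thread).
# steven's rule is the blacklist approach the post warns about;
# james's rule is a short explicit whitelist.
SAMPLE_SUDOERS = """\
Defaults env_reset
steven ALL=(ALL) ALL, !/bin/su, !/bin/bash
james  ALL=(root) NOPASSWD: /usr/bin/systemctl restart httpd, /usr/bin/journalctl
"""

# Assumed categories: shells, and programs that are commonly able to start a
# shell or editor once they run as root (the "persuaded" case in the post).
SHELLS = {"sh", "bash", "zsh", "su"}
SPAWN_CAPABLE = {"vi", "vim", "less", "more", "python", "python3", "perl"}

# user  host=(runas) command-list   (runas part optional)
USER_SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")

def audit_sudoers(text: str) -> List[Dict[str, str]]:
    """Flag sudoers user rules that a blacklist-style policy cannot make safe."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == "#" or line.startswith("Defaults") \
                or line.split()[0].endswith("_Alias"):
            continue  # comments, Defaults and alias definitions are not rules
        m = USER_SPEC.match(line)
        if not m:
            continue
        user, cmdspec = m.group(1), m.group(2)
        for cmd in (c.strip() for c in cmdspec.split(",") if c.strip()):
            # drop tags such as NOPASSWD: before looking at the program name
            tokens = [t for t in cmd.lstrip("!").split() if not t.endswith(":")]
            name = tokens[0].rsplit("/", 1)[-1] if tokens else ""
            if name == "ALL" and not cmd.startswith("!"):
                issue = "grants ALL; later '!' exceptions are bypassable"
            elif cmd.startswith("!"):
                issue = "negated entry: blacklisting commands is not watertight"
            elif name in SHELLS:
                issue = "whitelists a shell, equivalent to unrestricted root"
            elif name in SPAWN_CAPABLE:
                issue = "whitelisted program can run an editor or shell as root"
            else:
                continue  # plain whitelisted command: nothing to report
            findings.append({"user": user, "rule": cmd, "issue": issue})
    return findings

if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{f['user']}: {f['rule']!r}: {f['issue']}")
```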

