root password
James Wilkinson
fedora at aprilcottage.co.uk
Wed Feb 8 20:49:59 UTC 2012
Steven Stern wrote:
> I keep meaning to edit the sudo config files to block things like
>
> sudo su -
> sudo bash
>
> but I get lazy. Someday, this will bite me in the ***.
Note for anyone considering this: it’s virtually impossible to make this
watertight, because there are too many ways for someone to get around
it.
For example, what happens if someone creates a bash script and then runs
it with sudo? Can people make sudo-run programs overwrite a program that
they can then run with sudo, or a program that root will run normally?
Can programs on the list be persuaded to run an editor or a shell?
You really need to start with a very short whitelist, and add to it as
required.
James.
--
E-mail: james@ | It is a mistake to allow any mechanical object to realise
aprilcottage.co.uk | that you are in a hurry.
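
The questions raised in the message above can be turned into a simple audit of sudoers rules. This is an added example, not part of the original post: the sample rules, user names and the `audit` function are constructed for illustration, and the parser only handles simple one-line user specifications (no aliases, no line continuations, no escaped commas).

```python
import re

# Constructed sample sudoers text (not from the original post).
SAMPLE = """\
# blacklist style: everything except a few shells
alice ALL = (ALL) ALL, !/bin/su, !/bin/bash
# whitelist style
bob   ALL = (root) /usr/bin/systemctl restart httpd, /usr/bin/vim /etc/hosts
carol ALL = (root) /home/carol/bin/backup.sh
dave  ALL = (root) /usr/sbin/lvs
"""

# Assumed, non-exhaustive list of programs that are or can start a shell/editor.
SHELLS_EDITORS = {"sh", "bash", "zsh", "su", "vi", "vim", "nano", "emacs", "less"}
# Assumed locations an unprivileged user can usually write to.
USER_WRITABLE = ("/home/", "/tmp/", "/var/tmp/")
SKIP = re.compile(r"^(#|Defaults|\w+_Alias\b|@include)")

def audit(text):
    """Return (user, finding) pairs for simple one-line user specifications."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or SKIP.match(line) or "=" not in line:
            continue
        who, rhs = line.split("=", 1)
        user = who.split()[0]
        rhs = re.sub(r"^\s*\([^)]*\)", "", rhs)  # drop the (runas) part
        # Strip tags such as NOPASSWD: from the front of each command.
        cmds = [re.sub(r"^\s*(\w+:\s*)+", "", c).strip() for c in rhs.split(",")]
        if "ALL" in cmds:
            # ALL plus "!" exclusions is the blacklist approach the post warns about.
            denied = [c for c in cmds if c.startswith("!")]
            kind = "blacklist" if denied else "unrestricted"
            findings.append((user, f"{kind}: ALL granted, {len(denied)} exclusions"))
            continue
        for cmd in filter(None, cmds):
            path = cmd.split()[0]
            if path.rsplit("/", 1)[-1] in SHELLS_EDITORS:
                findings.append((user, f"shell or editor allowed: {path}"))
            if path.startswith(USER_WRITABLE):
                findings.append((user, f"command in user-writable area: {path}"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

A rule set that produces no findings here is not thereby safe; the check only surfaces the specific patterns named in the message.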