root password
Steven Stern
subscribed-lists at sterndata.com
Wed Feb 8 21:00:50 UTC 2012
On 02/08/2012 02:49 PM, James Wilkinson wrote:
> Steven Stern wrote:
>> I keep meaning to edit the sudo config files to block things like
>>
>> sudo su -
>> sudo bash
>>
>> but I get lazy. Someday, this will bite me in the ***.
>
> Note for anyone considering this: itâs virtually impossible to make this
> watertight, because there are too many ways for someone to get around
> it.
>
> For example, what happens if someone creates a bash script and then runs
> it with sudo? Can people make sudo-run programs overwrite a program that
> they can then run with sudo, or a program that root will run normally?
> Can programs on the list be persuaded to run an editor or a shell?
>
> You really need to start with a very short whitelist, and add to it as
> required.
>
> James.
>
Exactly. Don't give anyone sudo you wouldn't trust with root, yourself
included.
--
-- Steve
More information about the users
mailing list