I could walk around sudo!!!
Nathan Dietsch
nathandi at access.com.au
Tue Feb 13 17:34:07 EST 2001
Henry,
This is more to do with your configuration than anything. I think some
time with the sudoers man page might be advised.
Nathan
Nathan Dietsch
Systems Consultant
Access Gaming Systems
On Tue, 13 Feb 2001, Henry Leung wrote:
> I am just installed sudo in my system. and played around with it. I just
> feel that sudo can not protect anything. Here is am example:
>
> 1) no protection for Log file : I can easily delete the enties in
> /var/log/sudolog by " sudo vi /var/log/sudo" or "sudo rm /var/log/sudo".
>
> 2) Can not block certain command :
>
> even su is blocked by the sudoers:
> -----------------------------------------
> Cmnd_Alias TEST=/usr/bin/su
>
> # User privilege specification
> root ALL=(ALL) ALL
> %sunteam ALL=(ALL) ALL,!TEST
> ----------------------------------------
>
> I still can su to others by creating a simple script. here it is:
> -----------------------------------------------------------------------
> $ more sudotest
> #!/bin/sh
> /usr/bin/su $1
> -----------------------------------------------------------------------
>
> Same script can be used to do any thing!!!
>
> How can you block this?
>
> I looking forward to your response!
>
> Best Regards
>
> Henry Leung
>
> System Administrator, Opensoft Consulting Group Inc.
> Tel : (416) 260-2656 ext.255
> Suite 201, 322 King Street West. Toronto,ON, Canada M5V 1J2
>
>
>
More information about the sudo-users
mailing list