sudo sudo
mikecc
mikecc at atrek.org
Fri Apr 6 09:05:25 EDT 2001
Users on our Solaris 2.7 servers are able to subvert sudo by executing sudo
via sudo.
For example a user can not do the following:
sudo /bin/ksh
But the same user can do this:
sudo sudo /bin/ksh
with that double sudo command the user successfully enters a ksh
environment as root. Seems to me this is a configuration mistake but I can
not find it.
======================================================================
Mike Cerone, CISSP, CCNA
Ad Astra!
======================================================================
More information about the sudo-users
mailing list