sudo sudo
mackay at kodak.com
Fri Apr 6 09:38:43 EDT 2001
From: Scott D. MacKay
Yes, it does look like a configuration mistake but without any info, there
is no way of telling.
What do your rules look like? If they are 'everything but the shells',
well, that is obviously your problem...
If that is the case (seems like a fit for the symptoms), I would suggest
you change your philosophy to one more aligned with firewalls: "That which
is not explicitly allowed is denied". Work your rules to indicate what is
allowed, not what is not allowed.
-Scott
mikecc <mikecc at atrek.org> on 04/06/2001 09:05:25 AM
To: sudo-users at courtesan.com
cc: (bcc: Scott D. MacKay/943904/EKC)
Subject: sudo sudo
Users on our Solaris 2.7 servers are able to subvert sudo by executing sudo
via sudo.
For example a user can not do the following:
sudo /bin/ksh
But the same user can do this:
sudo sudo /bin/ksh
With that double sudo command the user successfully enters a ksh
environment as root. Seems to me this is a configuration mistake but I can
not find it.
======================================================================
Mike Cerone, CISSP, CCNA
Ad Astra!
======================================================================
____________________________________________________________
sudo-users mailing list <sudo-users at courtesan.com>
For list information, options, or to unsubscribe, visit:
http://www.courtesan.com/mailman/listinfo/sudo-users
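Added example, not part of either message: a simplified Python model of sudoers command-list matching (entries checked in order, last match wins) showing why an "everything but the shells" rule refuses `sudo /bin/ksh` yet lets `sudo sudo /bin/ksh` through, and why an allow-list refuses both. The thread never shows the real sudoers file, so the rule sets, the user name "mike", the sudo path and root's `ALL` entry are all assumptions.

```python
import fnmatch

SUDO = "/usr/bin/sudo"  # assumed install path of the sudo binary

# Constructed policies: user -> sudoers-style command list.
POLICIES = {
    "deny_shells": {"mike": ["ALL", "!/bin/sh", "!/bin/csh", "!/bin/ksh"],
                    "root": ["ALL"]},
    "allow_list": {"mike": ["/usr/sbin/lpc", "/usr/bin/lprm"],
                   "root": ["ALL"]},
}

def allowed(cmnd_list, path):
    """Walk the list in order; the last entry that matches decides."""
    verdict = False
    for entry in cmnd_list:
        negated = entry.startswith("!")
        pattern = entry[1:] if negated else entry
        if pattern == "ALL" or fnmatch.fnmatchcase(path, pattern):
            verdict = not negated
    return verdict

def sudo_chain(policy, user, argv):
    """Model nested sudo calls; True if the final command runs as root."""
    rules = POLICIES[policy]
    while len(argv) > 1 and argv[0] in ("sudo", SUDO):
        cmd = SUDO if argv[1] == "sudo" else argv[1]
        if not allowed(rules.get(user, []), cmd):
            return False               # this sudo refuses; the chain stops
        user, argv = "root", argv[1:]  # the next program runs as root
    return user == "root"

def is_deny_list_rule(cmnd_list):
    """Audit check: a list that mixes ALL with '!' exclusions."""
    return "ALL" in cmnd_list and any(e.startswith("!") for e in cmnd_list)

if __name__ == "__main__":
    for policy, rules in POLICIES.items():
        for argv in (["sudo", "/bin/ksh"], ["sudo", "sudo", "/bin/ksh"]):
            print(policy, " ".join(argv), "->", sudo_chain(policy, "mike", argv))
        print(policy, "deny-list rule:", is_deny_list_rule(rules["mike"]))
```

Under the deny-list the outer sudo is only asked whether the sudo binary itself is permitted, which `ALL` grants; the inner sudo then runs as root and checks root's entry, not the user's.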