I could walk around sudo!!!

Henry Leung hleung at osft.com
Tue Feb 13 17:11:27 EST 2001


I am just installed sudo in my system. and played around with it. I just
feel that sudo can not protect anything. Here is am example:

1) no protection for Log file : I can easily delete the enties in
/var/log/sudolog by " sudo vi /var/log/sudo" or "sudo rm /var/log/sudo".

2) Can not block certain command : 

even su is blocked by the sudoers:
-----------------------------------------
Cmnd_Alias      TEST=/usr/bin/su

# User privilege specification
root    ALL=(ALL) ALL
%sunteam ALL=(ALL) ALL,!TEST
----------------------------------------

I still can su to others by creating a simple script. here it is:
-----------------------------------------------------------------------
$ more sudotest
#!/bin/sh
/usr/bin/su $1
-----------------------------------------------------------------------

Same script can be used to do any thing!!!

How can you block this?

I looking forward to your response!

Best Regards

Henry Leung

System Administrator, Opensoft Consulting Group Inc.
Tel : (416) 260-2656 ext.255
Suite 201, 322 King Street West. Toronto,ON, Canada M5V 1J2  


-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 2044 bytes
Desc: not available
URL: </pipermail/sudo-users/attachments/20010213/87f4e774/attachment.bin>


More information about the sudo-users mailing list