I could walk around sudo!!!

Nathan Dietsch nathandi at access.com.au
Tue Feb 13 17:34:07 EST 2001


Henry,

This is more to do with your configuration than anything. I think some
time with the sudoers man page might be advised.

Nathan

Nathan Dietsch
Systems Consultant
Access Gaming Systems

On Tue, 13 Feb 2001, Henry Leung wrote:

> I am just installed sudo in my system. and played around with it. I just
> feel that sudo can not protect anything. Here is am example:
>
> 1) no protection for Log file : I can easily delete the enties in
> /var/log/sudolog by " sudo vi /var/log/sudo" or "sudo rm /var/log/sudo".
>
> 2) Can not block certain command :
>
> even su is blocked by the sudoers:
> -----------------------------------------
> Cmnd_Alias      TEST=/usr/bin/su
>
> # User privilege specification
> root    ALL=(ALL) ALL
> %sunteam ALL=(ALL) ALL,!TEST
> ----------------------------------------
>
> I still can su to others by creating a simple script. here it is:
> -----------------------------------------------------------------------
> $ more sudotest
> #!/bin/sh
> /usr/bin/su $1
> -----------------------------------------------------------------------
>
> Same script can be used to do any thing!!!
>
> How can you block this?
>
> I looking forward to your response!
>
> Best Regards
>
> Henry Leung
>
> System Administrator, Opensoft Consulting Group Inc.
> Tel : (416) 260-2656 ext.255
> Suite 201, 322 King Street West. Toronto,ON, Canada M5V 1J2
>
>
>




More information about the sudo-users mailing list