Daniel.King at fiserv.com
Mon Jun 24 18:02:15 EDT 2002
rvim, and even rview will allow writing out files - any file on the system if they are executed as root. Are you more concerned about malice or stupidity?
malice == :w!/dev/dsk/xxxx
A. Daniel King, System Analyst
Fiserv - Atlanta Center
1475 Peachtree Street, NE - Suite 700
Atlanta, GA 30309
Date: Mon, 24 Jun 2002 07:41:22 -0700
From: "Jeff Kennedy" <jlkennedy at amcc.com>
To: Sudo List <sudo-users at courtesan.com>
I wanted to get some confirmation that I'm not missing anything. We
want interns to be able to edit certain files like hosts and ethers but
obviously do not want them to have any root capability. With 'sudo vi'
they have the ability to execute shell commands as root or simply break
out into a root shell.
Using rvim I was unable to do the above-mentioned things but wanted to
make sure I'm not missing a gotcha. No ':!' commands were allowed nor
was a shell escape.
Anything else I might be missing? Not counting root shell scripts that
More information about the sudo-users