sudo-users Digest, Vol 6, Issue 6

Todd C. Miller Todd.Miller at courtesan.com
Tue Jun 10 12:05:12 EDT 2003


In message <A74DA636A939D7118E4B00065B8E55B00370CB04 at hydmail2.hyd.office.juno.com>
	so spake "Molumuri, Janardhan" (mjanar):

> >sudo -l output
> 
>     (root) ALL
>     (root) !SHELLS

The !SHELLS is useless here since the user can copy a shell to a
different name, write a program that execs a shell, get a shell
from an editor, more, or a myriad of other ways.

Basically, "ALL, !FOO" is fatally flawed for all values of FOO.
The only safe thing is to enumerate the commands you want a
user to be able to run.

 - todd
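
An added example, not part of the original message and not code from the sudo project: a small audit script that flags sudoers rules of the "ALL, !FOO" form described above so they can be replaced with an explicit command list. The sample rules are constructed, the function names are hypothetical, and the parser is a simplification that handles only one-rule-per-line entries with backslash continuations.

```python
import re

# Constructed sample sudoers content (not from the original post).
SAMPLE = """\
Cmnd_Alias SHELLS = /bin/sh, /bin/csh, /bin/ksh
Cmnd_Alias BACKUP = /usr/sbin/dump, /usr/sbin/restore
# blacklist style: everything except shells
mjanar  ALL = (root) ALL, !SHELLS
ops     ALL = (root) NOPASSWD: ALL, \\
              !/usr/bin/su
backup  ALL = (root) BACKUP, /bin/mount
"""

# Lines that define aliases or defaults rather than grant commands.
DEFINITION = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")
# Optional "(runas)" and tag prefixes that may precede a command entry.
PREFIX = re.compile(
    r"^\s*(\([^)]*\)\s*)?((NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV)\s*:\s*)*"
)

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: ignores #uid syntax
        if line:
            yield line

def find_all_with_negation(text):
    """Return (user, negated_items) for each rule granting ALL minus a blacklist."""
    findings = []
    for line in logical_lines(text):
        if DEFINITION.match(line) or "=" not in line:
            continue
        who, _, spec = line.partition("=")
        cmds = [PREFIX.sub("", c).strip() for c in spec.split(",")]
        negated = [c for c in cmds if c.startswith("!")]
        if "ALL" in cmds and negated:
            findings.append((who.split()[0], negated))
    return findings

if __name__ == "__main__":
    for user, negated in find_all_with_negation(SAMPLE):
        print(f"{user}: ALL with exclusions {negated}; enumerate allowed commands instead")
```

The "backup" rule in the sample is the enumerated form and is not flagged.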

