Ldif format
Howard Owen
hbo at egbok.com
Sun May 23 02:26:07 EDT 2004
On Sat, 2004-05-22 at 21:06, Aaron Spangler wrote:
> Essentially there is an infinite amount of commands and permutations that
> essentially give you some sort of shell. Because of this, it does not make
> sense to allow a feature that gives the admin a false sense of security.
>
> As a result, the !command feature was dropped before it became generally
> available.
I'm always amazed at organizations that persist in using the '!SHELLS'
syntax. Knowing that many people who do this are not stupid makes it
even harder to credit. I've finally come to the conclusion that many
groups do this as an expression, rather than an enforcement of policy.
If someone is caught doing something stupid or malicious in a root
shell, management can say "you evaded our clear policy against root
shells."
You may or may not consider this alternate interpretation of excluding
shells from 'ALL' as legitimate, or worth the confusion of people who
believe such an exclusion actually works, but I thought I'd mention it.
--
Howard Owen "Even if you are on the right
EGBOK Consultants track, you'll get run over if you
hbo at egbok.com +1-650-218-2216 just sit there." - Will Rogers
More information about the sudo-users
mailing list