[sudo-users] (no subject)

Todd C. Miller Todd.Miller at courtesan.com
Fri Sep 24 09:20:25 EDT 2004


In message <BDD35658B859D51187AB00508BB8203005D2C59A at nswcdlvaex12.nswc.navy.mil
>
	so spake Clift Robert T CONT DLVA (CliftRT):

> Within vi any user can shell out(i.e :!sh) and get a shell. If the user is
> using sudo and vi a bogus file, they can shell out and have a root shell.
> Any ideas on how to prevent this action. 

With sudo 1.6.8p1 you have two options:
    1) give the user permission to run sudoedit, not vi
    2) use the NOEXEC tag (though this won't work on some OSes).

 - todd



More information about the sudo-users mailing list