[sudo-users] (no subject)
Todd C. Miller
Todd.Miller at courtesan.com
Fri Sep 24 09:20:25 EDT 2004
In message <BDD35658B859D51187AB00508BB8203005D2C59A at nswcdlvaex12.nswc.navy.mil
so spake Clift Robert T CONT DLVA (CliftRT):
> Within vi any user can shell out (i.e. :!sh) and get a shell. If the user is
> using sudo and vi a bogus file, they can shell out and have a root shell.
> Any ideas on how to prevent this action?
With sudo 1.6.8p1 you have two options:
1) give the user permission to run sudoedit, not vi
2) use the NOEXEC tag (though this won't work on some OSes).
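
The two options from the reply above, shown as sudoers entries next to the rule that causes the problem. This is an added example, not part of the original post; the user name "alice", the file /etc/hosts and the path /usr/bin/vi are constructed placeholders.

```sudoers
# Constructed example: "alice", /etc/hosts and /usr/bin/vi are placeholders.
# The three rules are alternatives; use only one of the two fixed forms.

# Problem rule: vi itself runs as root, so ":!sh" typed inside the
# editor starts a shell that is also root.
alice   ALL = /usr/bin/vi /etc/hosts

# Option 1: sudoedit. sudo makes a temporary copy of the file, runs the
# editor as the invoking user (alice) on that copy, then writes the
# result back with root privileges. A shell escape from the editor is
# only alice's own shell.
# The user runs:  sudoedit /etc/hosts   (equivalently: sudo -e /etc/hosts)
alice   ALL = sudoedit /etc/hosts

# Option 2: NOEXEC tag. vi still runs as root, but sudo asks the system
# to block the editor from executing further programs, so ":!sh" fails.
# As the reply notes, this does not work on some OSes, so test it on the
# target platform before relying on it.
alice   ALL = NOEXEC: /usr/bin/vi /etc/hosts
```

Edit the policy with visudo so a syntax error is caught before it is saved, and confirm the result by attempting the `:!sh` escape as the restricted user.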