[sudo-users] regarding shell escape
Ran Li
Ran.Li at rti.rogers.com
Thu Dec 29 11:49:36 EST 2005
Hello all,
I'm using LDAP for sudoer entries, yet I cannot prevent shell escape
properly. My platforms are SunOS5.9, 5.10, HPUX11.11, Linux 2.6.9-11,
sudo version 1.6.8p12.
After compiling, I ran `sudo -V | grep "dummy exec"` and got:
# ./sudo -V | grep "dummy exec"
File containing dummy exec functions: /opt/sudo/libexec/sudo_noexec.so
and sudo_noexec.so is in place.
I tried to create a role called noexec ... it does not forbid the vi shell
escape
LDAP Role: Noexec
Commands:
/usr/bin/less
/bin/vi
/usr/bin/vi
I also tried to add noexec as a prefix of a sudocommand; it does not work
either ..
LDAP Role: Admin
Commands:
NOEXEC: /usr/bin/less
NOEXEC: /bin/vi
NOEXEC: /usr/bin/vi
Other than completely blocking the vi command, does anybody have experience
preventing shell escape properly using LDAP sudoer entries? Thanks.
Regards,
Ran
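
An added example, not part of the original post and not sudo's own code: in LDAP sudoers, noexec is set with a `sudoOption: noexec` value on the sudoRole entry, not with a `NOEXEC:` tag inside sudoCommand or through the role's name, and this Python check flags roles written the other way. The LDIF, the DNs and the `Editors` role are constructed for illustration.

```python
import re

# Constructed sample LDIF: DNs are made up, "Editors" is a hypothetical role.
SAMPLE_LDIF = """\
dn: cn=Noexec,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: Noexec
sudoCommand: /usr/bin/less
sudoCommand: /bin/vi

dn: cn=Admin,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: Admin
sudoCommand: NOEXEC: /usr/bin/less
sudoCommand: NOEXEC: /bin/vi

dn: cn=Editors,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: Editors
sudoCommand: /usr/bin/vi
sudoOption: noexec
"""

# sudoers-file tags that do not belong inside an LDAP sudoCommand value
TAG_PREFIX = re.compile(r"^(NO)?(EXEC|PASSWD):", re.I)

def parse_entries(ldif):
    """Split unfolded LDIF into one {attr_lowercase: [values]} dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def lint(ldif):
    """Return {role cn: [findings]} for every sudoRole entry."""
    report = {}
    for e in parse_entries(ldif):
        if "sudoRole" not in e.get("objectclass", []):
            continue
        findings = ["tag prefix in sudoCommand: " + c
                    for c in e.get("sudocommand", []) if TAG_PREFIX.match(c)]
        if "noexec" not in [o.lower() for o in e.get("sudooption", [])]:
            findings.append("no 'sudoOption: noexec' on this role")
        report[e["cn"][0]] = findings
    return report
```
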