[sudo-users] regarding shell escape
Ran.Li at rti.rogers.com
Thu Dec 29 11:49:36 EST 2005
I m using ldap for sudoer entries, yet I cannot prevent shell escape
properly, my platforms are SunOS5.9, 5.10, HPUX11.11, Linux 2.6.9-11,
sudo version 1.6.8p12
after compiling, do `sudo -V | grep "dummy exec"` I got
# ./sudo -V | grep "dummy exec"
File containing dummy exec functions: /opt/sudo/libexec/sudo_noexec.so
and sudo_noexec.so is on place.
I tried to create a role called noexec ... does not forbid the vi shell
LDAP Role: Noexec
I also tried to add noexec as a prefix of a sudocommand, does not work
LDAP Role: Admin
other than completely block the vi command, anybody has the experience
to prevent shell escape properly using ldap sudoer entries? Thanks.
More information about the sudo-users