[sudo-users] Redirect permissions

Todd C. Miller Todd.Miller at courtesan.com
Wed Oct 7 12:38:50 EDT 2009

In message <da64b8ba0910070847h326e9e67k507842256daa011d at mail.gmail.com>
	so spake Robert Hall (rjh405):

> Please pardon me if this is an ignorant question. Presumably if you execute
> a fully-quoted command string in sudo and that string contains a redirect,
> then the output will be able to overwrite a file that only allows root edit
> perms.
> E.g.: $ sudo 'cat /tmp/myfile.txt > /etc/passwd'
> Is there a configuration option to prevent a user with sudo permissions from
> doing this? I haven't been able to locate one.

Redirection like this is handled by the shell before sudo is even
executed.  If you wrap the command in a shell it will work, e.g.

$ sudo sh -c 'cat /tmp/myfile.txt > /etc/passwd'

But then of course the user must have access to run /bin/sh.

 - todd

More information about the sudo-users mailing list