[sudo-users] Sudo's secure path option can be cirumvented
yaberger at ca.ibm.com
yaberger at ca.ibm.com
Thu Jun 3 10:22:04 EDT 2010
Hi,
I've just received the following security alert:
http://www.sudo.ws/sudo/alerts/secure_path.html
I've a few questions concerning this part:
Sudo "secure path" feature works by replacing the PATH environment
variable with a value specified in the sudoers file, or at compile time if
the --with-secure-path configure option is used.
Is there any configuration related to that in sudoers or is it only a
configure/compile option?
Can you confirm that this doesn't apply if sudo is not configured with the
--with-secure-path option?
By default, is this option set to yes if you configure with the default
options (./configure) ?
Is it possible to determine if your sudo has been builded with this
configuration option (in sudo -V output probably) ?
Yannick Bergeron
yaberger at ca.ibm.com
IT Specialist
AIX / Samba / Load Balancer / DCE/DFS / SCM / Apache / Security / Perl
scripting / etc.
More information about the sudo-users
mailing list