[sudo-users] 1.7.0rc1 interesting tests

Richard van den Berg richard at vdberg.org
Mon Jun 21 09:28:24 EDT 2010


On Fri, 18 Jun 2010 18:11:21 +0000 (UTC), Bryan <bryan at bevege.com> wrote:
> This is off topic but the "tls_checkpeer no" fixed the sudo:
> ldap_start_tls_s():
> Connect errors on my Centos 5.4 systems connecting to openldap 2.4.24

Without peer checking an attacker can do a man-in-the-middle attack
against your LDAP server and serve up any sudo's she needs (like sudo ALL).
Not a great idea for high risk environments.

Richard
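The setting under discussion, shown as an added example that is not from the thread: a sudo ldap.conf fragment with the weak setting beside the corrected one. The server name and CA bundle path are assumptions; the keys are the ones documented for sudo's LDAP backend.

```conf
# --- Weak: start TLS but do not verify the server certificate ---
# Any host that answers on ldap.example.com can impersonate the directory
# and hand sudo whatever sudoers entries it likes.
uri            ldap://ldap.example.com
sudoers_base   ou=SUDOers,dc=example,dc=com
ssl            start_tls
tls_checkpeer  no

# --- Corrected: keep peer checking on and give sudo the CA to check against ---
# The usual cause of the "ldap_start_tls_s(): Connect error" is that the
# client cannot build a chain to the server certificate, so fix the trust
# store rather than switching the check off.
uri            ldap://ldap.example.com
sudoers_base   ou=SUDOers,dc=example,dc=com
ssl            start_tls
tls_checkpeer  yes
# path is an assumption; point it at the CA that signed the LDAP server's cert
tls_cacertfile /etc/openldap/cacerts/ca.pem
```

Use one fragment or the other, not both, and keep the CA bundle readable by root only is not required but the file must be readable by the sudo process.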


