[sudo-users] SUDO & noexec
Tim Bradshaw
tfb at tfeb.org
Wed Feb 19 15:44:59 MST 2014
On 19 Feb 2014, at 18:58, PASHIARDIS Charalambos <Charalambos.PASHIARDIS at swift.com> wrote:
> What
> am not sure about though, is if during this callback the sudoers file should
> contain a black or white list of commands...!
>
It needs to be a whitelist unless there are additional checks: at least that no element of the path to the executable is writable by the original user. If you don't do that then anyone can make /var/tmp/ok-to-execute -> /bin/sh.
--tim
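The path check the reply calls for, as an added example that is not part of the original message and is not code from sudo. The function names, the mode-bit-only test (ACLs are ignored) and the temporary directory layout are assumptions made for illustration.

```python
import os
import stat

def user_controls(st, uid, gids=()):
    """Mode-bit check only; ACLs are not considered (assumption)."""
    if st.st_uid == uid:               # the owner can always chmod it writable
        return True
    if st.st_mode & stat.S_IWOTH:      # world-writable (sticky dirs included, conservatively)
        return True
    return bool(st.st_mode & stat.S_IWGRP) and st.st_gid in gids

def unsafe_elements(path, uid, gids=()):
    """List every object on the way to `path` that `uid` could modify."""
    if not os.path.isabs(path):
        raise ValueError("command path must be absolute")
    bad, seen, todo = [], set(), [path]
    while todo:
        prefix = os.sep
        for part in [""] + [c for c in todo.pop().split(os.sep) if c]:
            prefix = os.path.join(prefix, part)
            st = os.lstat(prefix)                 # do not follow the final element
            if (st.st_dev, st.st_ino) in seen:    # also stops symlink cycles
                continue
            seen.add((st.st_dev, st.st_ino))
            if stat.S_ISLNK(st.st_mode):
                # A link's own mode bits mean nothing. Follow it one hop at a
                # time so the directory holding each intermediate link is checked.
                target = os.readlink(prefix)
                todo.append(os.path.join(os.path.dirname(prefix), target))
            elif user_controls(st, uid, gids):
                bad.append(os.path.realpath(prefix))
    return bad

if __name__ == "__main__":
    import tempfile
    # Constructed layout mirroring the reply: drop/ok-to-execute -> ../bin/sh
    root = os.path.realpath(tempfile.mkdtemp())
    for name, mode in (("bin", 0o755), ("drop", 0o777)):
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    open(os.path.join(root, "bin", "sh"), "w").close()
    link = os.path.join(root, "drop", "ok-to-execute")
    os.symlink("../bin/sh", link)
    other = os.getuid() + 1000         # hypothetical unprivileged invoking user
    print(unsafe_elements(link, other))
```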