[sudo-users] SUDO & noexec

Tim Bradshaw tfb at tfeb.org
Wed Feb 19 15:44:59 MST 2014

On 19 Feb 2014, at 18:58, PASHIARDIS Charalambos <Charalambos.PASHIARDIS at swift.com> wrote:

> What
> am not sure about though, is if during this callback the sudoers file should
> contain a black or white list of commands...!

It needs to be a whitelist unless there are additional checks: at least that no element of the path to the executable is writable by the original user.  If you don't do that then anyone can make /var/tmp/ok-to-execute -> /bin/sh.


More information about the sudo-users mailing list