[sudo-users] env_reset ignored under sudoers plugin?
Gareth.Humphries at WorldPay.com
Mon Oct 3 10:19:58 MDT 2016
I've checked that, and the user doesn't have ALL. In the POC I used, they just have access to one executable, /sbin/arping. The output of 'sudo -l' in my first post is not abbreviated at all.
The output of sudo -l is the same on the standalone setup as it is on the centralised one, but the behaviour is different, so something more subtle than a simple misconfiguration is going on, I think.
From: Todd C. Miller
Sent: 03 October 2016 17:13
To: Humphries, Gareth
Cc: 'sudo-users at sudo.ws' <sudo-users at sudo.ws>
Subject: Re: [sudo-users] env_reset ignored under sudoers plugin?
If you give a user sudo ALL permissions they will be able to set arbitrary environment variables and use "sudo -E". You can add the NOSETENV tag to the ALL keyword as follows:
    testuser somehost = NOSETENV: ALL
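An added example, not part of the thread and not code from the sudo project: a simplified Python check for the sudoers conditions the quoted reply describes, where a rule lets the invoking user set environment variables or use "sudo -E". It goes slightly beyond the reply by also flagging an explicit SETENV tag and the `setenv` / `!env_reset` Defaults, which the sudoers manual documents as having the same effect. Assumptions: one rule per line, no aliases, includes, line continuations or inline comments; the function name and the sample rules other than the NOSETENV line are constructed.

```python
import re

TAG_RE = re.compile(r'^((?:[A-Z_]+:\s*)*)(.*)$')

def audit_sudoers(text):
    """Return (line_no, subject, reason) for rules that let the caller set the environment."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('Defaults'):
            parts = line.split(None, 1)
            for opt in (parts[1].split(',') if len(parts) == 2 else []):
                if opt.strip() in ('!env_reset', 'setenv'):
                    findings.append((no, 'Defaults', opt.strip()))
            continue
        if '=' not in line or re.match(r'\w+_Alias\b', line):
            continue  # alias definitions are not expanded in this sketch
        # Drop Runas_Specs such as "(root)" so commas inside them do not split the list.
        cmnds = re.sub(r'\([^)]*\)', '', line.split('=', 1)[1])
        setenv = None  # None = no SETENV/NOSETENV seen yet; tags carry along the list
        for spec in cmnds.split(','):
            tags, cmd = TAG_RE.match(spec.strip()).groups()
            for tag in re.findall(r'[A-Z_]+', tags):
                if tag in ('SETENV', 'NOSETENV'):
                    setenv = (tag == 'SETENV')
            if setenv:
                findings.append((no, cmd, 'SETENV tag'))
            elif setenv is None and cmd == 'ALL':
                findings.append((no, cmd, 'ALL implies SETENV'))
    return findings

# Constructed sample; only the NOSETENV line is taken from the thread.
SAMPLE = """\
Defaults env_reset
testuser somehost = /sbin/arping
admin ALL = (ALL) ALL
testuser somehost = NOSETENV: ALL
deploy ALL = (root) NOPASSWD: SETENV: /usr/local/bin/deploy, /usr/bin/id
"""

if __name__ == '__main__':
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

A rule limited to a single command such as /sbin/arping produces no finding here, so a clean result only rules out these particular sudoers settings.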