[sudo-users] sudo remove -s and -i option

Goodman Leung gbcbooksmj at gmail.com
Tue Aug 22 00:49:33 MDT 2017


now , the only unsecurity thing left is "sudo su"



在 2017/8/22 14:46, Goodman Leung 写道:
> unalias command ?  exmaple ?
>
> but any way , i modified the sudo source code and satisfied what i need.
>
> here is the solution
>
> vi ./src/parse_args.c
> change
> static const char short_opts[] = 
> "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:SsT:t:U:u:Vv";
> to
> static const char short_opts[] = 
> "+Aa:bC:c:D:Eeg:Hh::KklnPp:r:ST:t:U:u:Vv";
>
> the recompile the sudo ,
> you will find out , options -i and -s is invalid .
>
> 在 2017/8/22 11:34, jbhanusri sri 写道:
>> Hi,
>>
>> It would be good to hear the security reason for removing that.
>>
>> However if you want to remove you can use unalias command.
>>
>> Thanks and Regards,
>> Bhanusri
>>
>> On Mon, Aug 21, 2017 at 2:52 AM, Goodman Leung <gbcbooksmj at gmail.com 
>> <mailto:gbcbooksmj at gmail.com>> wrote:
>>
>>     Boxbe <https://www.boxbe.com/overview> This message is eligible
>>     for Automatic Cleanup! (gbcbooksmj at gmail.com
>>     <mailto:gbcbooksmj at gmail.com>) Add cleanup rule
>>     <https://www.boxbe.com/popup?url=https%3A%2F%2Fwww.boxbe.com%2Fcleanup%3Fkey%3DKAd02kv2J9ujPuZzWtmW8su%252FekwUA7EShfCaimBCYTM%253D%26token%3DlILGcCfjFVmK85PVO93cC%252FGDppMdbPulIiTbos%252Bo4pLOMFwuOHY8a0XitwzpJ2vNfXn5jdbNVOyQhB7NFDY9eU3BL3jVPB0X%252FMFiN1fOJX8X2n2YhZTrBwK7mFcDrMJ%252BMSBCf5R%252FwrU%253D&tc_serial=32216663184&tc_rand=227992428&utm_source=stf&utm_medium=email&utm_campaign=ANNO_CLEANUP_ADD&utm_content=001>
>>     | More info
>>     <http://blog.boxbe.com/general/boxbe-automatic-cleanup?tc_serial=32216663184&tc_rand=227992428&utm_source=stf&utm_medium=email&utm_campaign=ANNO_CLEANUP_ADD&utm_content=001>
>>
>>
>>     hi list
>>
>>     for security policy , i need to remove sudo -s or -i option ,
>>     i thinks i need to modify sudo source code , but before that ,
>>     any suggtions ?
>>     ____________________________________________________________
>>     sudo-users mailing list <sudo-users at sudo.ws
>>     <mailto:sudo-users at sudo.ws>>
>>     For list information, options, or to unsubscribe, visit:
>>     https://www.sudo.ws/mailman/listinfo/sudo-users
>>     <https://www.sudo.ws/mailman/listinfo/sudo-users>
>>
>>
>



More information about the sudo-users mailing list