[sudo-users] sudo remove -s and -i option

Goodman Leung gbcbooksmj at gmail.com
Tue Aug 22 20:13:23 MDT 2017

well ,  before i m doing this, i have another solutions , i write a 
security binary to replace /usr/bin/sudo ,

you are now able to execute sudo -s , sudo -i , sudo su , and even sudo 

would you guys wanna try ?

i just think it is not perfect enough.

在 2017/8/23 1:18, David Ledger 写道:
> On 22 Aug 2017, at 11:35, Goodman Leung wrote:
>> yes , i agree with you ,
>> only allow explicit commands is more effective , but we it is not 
>> easy to a running business system .
>> 在 2017/8/22 15:28, Paul Cantle 写道:
> As a contact Unix SysAdmin since 1990 I’ve seen many ‘security’ 
> scenarios, and the root (:-)) of your problem isn’t sudo, but most 
> likely the security policy. Usually when it’s a battle between 
> security and getting things done it means that the security policy is 
> badly thought out. What you need are people who know what they are 
> doing who are totally trustworthy and very careful how they do things. 
> Externally produced security policies are the worst. Your company pays 
> them money, they give you a policy; but it’s then not their problem 
> that things can’t get done. Where it appears to work there’s usually a 
> hidden back door somewhere.
> David

More information about the sudo-users mailing list