[sudo-users] Restricting / Limiting permission/ownership of targetted binaries?
L A Walsh
sudo at tlinx.org
Fri Apr 30 03:15:51 MDT 2021
On 4/26/21 7:25 AM, A. James Lewis wrote:
Hi,
> I've been trying to figure out if there's a way to cause sudo to
> validate that a particular binary has "secure permissions", before
> allowing it to run, in the same way that sshd will not use an
> "authorized_keys" file if it has insecure permissions.
If someone can change permissions on sudo,
wouldn't that mean they could turn off any other permission checks
on the binary? 'ssh/d' does checks on files owned by the user
which the unprivileged, owning user can misconfigure.
The permissions on 'sudo' can only be set by 'root' so the only
misconfiguration of permissions would have to be done by root, no?
More information about the sudo-users
mailing list