Cmnd_Alias subdirectories

John E Hein jhein at
Mon Jan 14 10:43:46 EST 2002

Simon Perreault wrote at 06:49 -0500 on Jan 14:
 > He would have to have sudo privileges with mkdir and mount to do such a 
 > thing. I think it's up to the admin to prevent that possibility. For example, 
 > I have sudo privileges on a box which enable me to do "sudo su". It's the 
 > admin's fault.
 > If you allow cp then that user can trash your system. You just don't give 
 > such privileges to untrustworthy people. Think of another case: that user 
 > mounts an empty partition as /usr/bin. There, nothing works. sudo is only 
 > secure as long as you trust the user.

Yes... I agree with all that.  What you said helps to make my
 point... in short: sudo admins using such a recursive Cmnd_Alias will
 have to take extra care to prevent their sudoers from being able to modify
 the dir tree at all.  As I said, I see the reason you want this behavior.
 I was just answering your inquiry if anyone saw any potential security
 problems.  You asked ;)

 > > You wanted feedback on things to consider if you wanted to implement
 > >  this option.  Maybe you want to have an option to disallow mount point
 > >  traversal.  There's a lot of issues and maybes that will come up if you
 > >  want to allow sudo'd commands under a tree as you suggest.  It made me
 > >  think of a chroot... sorry you didn't see the parallel.
 > Ah, I see it now. But I don't think chrooting would be feasible/needed.

No... not my point about the parallel between your "all subdirectories
 Cmnd_Alias" and chroot.  I'm not talking about allowing or implementing
 chroot for this.  Never mind.

More information about the sudo-workers mailing list