Unix administration - Re: Beginner Question: Allowing sudo to vi hosts file

This is Interesting: Free IT Magazines  
Home > Archive > Unix administration > July 2006 > Re: Beginner Question: Allowing sudo to vi hosts file





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: Beginner Question: Allowing sudo to vi hosts file
implicate_order

2006-07-19, 1:40 pm

> Very, very dangerous! PLEASE DON'T! You can shell escape from vi
> so you made the person root.
>
> Simply change permissions to 664 and assign some group to the file
> and make the user member of this group. Check for cron jobs or
> alike running regular checking and possibly reseting permissions.
>

Couldn't someone configure the sudoers file to implement the NOEXEC
directive? This is specifically provided to prevent shell escapes from
editors such as vi. This might call for a recompile of sudo binaries.

http://sudo.rtin.bz/sudo/man/sudoer...noexec_and_exec
http://sudo.rtin.bz/sudo/man/sudoer...g_shell_escapes

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com