Unix administration - Re: Beginner Question: Allowing sudo to vi hosts file

This is Interesting: Free IT Magazines  
Home > Archive > Unix administration > July 2006 > Re: Beginner Question: Allowing sudo to vi hosts file





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: Beginner Question: Allowing sudo to vi hosts file
Michael Heiming

2006-07-19, 7:25 pm

In comp.unix.admin implicate_order <dwai.lahiri@gmail.com>:
[vbcol=seagreen]
[vbcol=seagreen]
> Couldn't someone configure the sudoers file to implement the NOEXEC
> directive? This is specifically provided to prevent shell escapes from
> editors such as vi. This might call for a recompile of sudo binaries.

And how exactly would prevent that someone from just opening
/etc/sudoers from vi which is running as root?

> http://sudo.rtin.bz/sudo/man/sudoer...noexec_and_exec
> http://sudo.rtin.bz/sudo/man/sudoer...g_shell_escapes

It seems highly questionable why to use sudo at all when standard
unix permissions will allow to do that easily?

Extra points for writing a 5-10 line shell script you can run
from sudo deleting or adding one entry to /etc/hosts.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | PERL -pe 'y/a-z/n-za-m/'
#bofh excuse 380: Operators killed when huge stack of backup
tapes fell over.
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com