Re: root group in solaris


On Mon, 2006-09-18 at 15:43 -0400, Curt Tucker wrote:
Of course, someone with sudo rights to ALL like this can easily get
around not being able to "sudo su -" in a dozen ways (like "sudo
/bin/ksh", etc.).

You tend to forget about the builtin sudo -s

Also, what about sudo visudo or sudo vi /etc/sudoers? One could easily
get around this restriction that way too.

There is no way to protect yourself from root privileges except by
limiting the code that may be executed (e.g. via a setuid binary or by
limiting the executable system calls).

SyGroup GmbH
Tonnerre Lombard

Loesungen mit System
Tel:+41 61 333 80 33 Roeschenzerstrasse 9
Fax:+41 61 383 14 67 4153 Reinach BL tonnerre.lombard@xxxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part