Re: sudo and command line expansion
From: Ali-Reza Anghaie (ali@packetknife.com)
Date: 12/18/02
- Next message: all mail refused: "Re: sudo and command line expansion"
- Previous message: Kent Smith: "Re: sudo and command line expansion"
- In reply to: Kent Smith: "Re: sudo and command line expansion"
- Next in thread: all mail refused: "Re: sudo and command line expansion"
- Reply: all mail refused: "Re: sudo and command line expansion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Ali-Reza Anghaie <ali@packetknife.com> Date: Tue, 17 Dec 2002 19:59:03 -0500
Kent Smith wrote:
> Furthermore, IT WOULD BE LOGGED, so you could see if anyone it trying
> this on your machine. You *are* logging sudo aren't you?
>
> Security isn't worth much without reasonable monitoring.
Just another note on what I'm hoping would be obvious but I've seen people
do wrong... don't allow sudo access to another user shell unless you really
want a person to be root. Don't give sudo access to something that can make
shells calls outside of itself as well (i.e. :!<command> in vi). Etc.
Cheers, -Ali
-- OpenPGP Key: 030E44E6 -- Affero Fund: http://svcs.affero.net/rm.php?r=packetknife&p=default]</a> <a href="attachment.html">[ attachment ]</a> </ul> <They say such nice things about people at their funerals that it -- They say such nice things about people at their funerals that it makes me sad that I'm going to miss mine by just a few days. -- Garrison Keilor
- Next message: all mail refused: "Re: sudo and command line expansion"
- Previous message: Kent Smith: "Re: sudo and command line expansion"
- In reply to: Kent Smith: "Re: sudo and command line expansion"
- Next in thread: all mail refused: "Re: sudo and command line expansion"
- Reply: all mail refused: "Re: sudo and command line expansion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
