Re: sudo and command line expansion

From: Jay G. Scott (gl@arlut.utexas.edu)
Date: 12/20/02


From: gl@arlut.utexas.edu (Jay G. Scott)
Date: 19 Dec 2002 18:35:04 -0600

In article <slrnb021da.c44.elvis@notatla.demon.co.uk>,
all mail refused <invited_via_fww@reckoning.robertgraham.com> wrote:
>In article <atqup9$hj4$2@newsfeed1.server.iphh.net>, Felix Havemann wrote:
>
>>>>want a person to be root. Don't give sudo access to something that can make
>>>>shell calls outside of itself as well (i.e. :!<command> in vi). Etc.
>
>>Even less can call an editor... mostly "vi". So do not let sudoers use less
>>either.
>
>"less" and "more" are problematic here. "pg" has a supposedly safe option
>of which I don't have the docs to hand.
>
>--
>decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp
> send sir_nat_the_brat@hotmail.com to submit@spamarchive.org

Thanks to all who replied. The truth is, I should have consulted my
shell docs for shell expansion rules. That should have convinced me.
Just a case of brain fade.

No, no, there won't be any access to /bin/sh or similar. Perish the
thought--I did know better than that.
less and more are a bit of a surprise. I hadn't thought of
those. Thanks for the other hints/reminders, too. I've saved them.

j.

-- 
Jay Scott		512-835-3553		gl@arlut.utexas.edu
Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div.                   S224
University of Texas at Austin
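
The shell-escape concern raised in this thread, as an added example that is not part of the original post: a small Python check that reads sudoers-style text and reports which users are granted a program the thread names as able to start a shell or an editor (vi, less, more, /bin/sh). The sample sudoers text, the function names and the simplified parsing (only Cmnd_Alias and plain user specifications, aliases defined before use) are assumptions made for illustration.

```python
import re

# Programs the thread names as able to start a shell or an editor.
ESCAPE_CAPABLE = {"vi", "less", "more", "sh"}

# Constructed sample sudoers text (not taken from the post).
SAMPLE = """\
Cmnd_Alias PAGERS = /usr/bin/less, /usr/bin/more
Cmnd_Alias BACKUP = /usr/sbin/ufsdump, \\
                    /usr/sbin/ufsrestore
alice ALL = (root) PAGERS, /usr/bin/vi /etc/hosts
bob   ALL = (root) NOPASSWD: BACKUP
"""

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return sorted (user, program) pairs granting an escape-capable program."""
    aliases, findings = {}, set()
    for line in logical_lines(text):
        alias = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if alias:
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
            continue
        if "=" not in line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue  # not a user specification
        user, spec = line.split(None, 1)
        cmds = re.sub(r"^\s*\([^)]*\)", "", spec.split("=", 1)[1])  # drop (runas)
        for item in cmds.split(","):
            # Strip tags such as NOPASSWD: that may precede the command.
            cmd = re.match(r"(?:[A-Z]+:\s*)*(.*)", item.strip()).group(1)
            for path in aliases.get(cmd, [cmd]):
                if not path:
                    continue
                program = path.split()[0]
                if program.rsplit("/", 1)[-1] in ESCAPE_CAPABLE:
                    findings.add((user, program))
    return sorted(findings)

if __name__ == "__main__":
    for user, program in audit(SAMPLE):
        print(f"{user}: {program} can start a shell or editor as the target user")
```

Note that the entry for vi is flagged even though it is restricted to one file argument, because the escape happens inside the program after it has started.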