I have seen configs like user ALL=(ALL) ALL Then there have also been configs like user ALL= (ALL) ALL ! a few commands here Here the admin allowed all comands apart froma few. Of course in this case the silly admin had allowed an editor vi so the sudoer simply run sudo vi then in vi :SHELL and voila he had a root shell. On Wed, 25 Apr 2001, dirk janssen wrote:
On Wed, 25 Apr 2001, semat wrote:
but unless sudo is well configured someone can always do sudo bash and then all their subsequent commands will not be logged. Same thing with sudo su -
well, that is not really true: unless sudo is *particularly badly* configured this is impossible!
Remember that sudo wants you to list all alllowed commands in its config file, with path and all. So unless you do a 'ls /bin /sbin' and pipe the result into your sudo config, 'sudo bash' is going to shut the door at you and log the attempt in the logfile.
Dirk
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com