The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Bug is sudo?


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Sat, 27 Jun 1998 14:27:56 -0600
From: "Todd C. Miller" <[email protected]>
To: [email protected]
Subject: Re: Bug is sudo?

Of course, this only works if you exist in the sudoers file, which
makes it pretty benign.  I agree that sudo should ask for a password
and this is fixed in sudo 1.5.4p1, available now from:
    ftp://ftp.cs.colorado.edu/pub/sudo/cu-sudo.v1.5.4p1.tar.Z

It is still possible for a user in sudoers to probe for binaries
but it's not really possible to disable that without making it
impossible for a sudo user to know *which* version of a command
was disallowed (for instance, sudoers may specify the system "ls"
and the user may have the GNU version first in their path).

 - todd

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру