Date: Tue, 9 Jul 1996 22:11:54 -0300 (ADT)
From: Peter Howlett <phowlett@ASG.unb.ca>
To: Brian Tao <taob@io.org>
Cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: sudo
Message-ID: <Pine.A32.3.93.960709214758.14947A-100000@angus.ASG.unb.ca>
In-Reply-To: <Pine.NEB.3.92.960709200721.18177A-100000@zap.io.org>
On Tue, 9 Jul 1996, Brian Tao wrote:

> What are people's feelings towards the "sudo" utility?  Is it
> really all that useful, or does it just open up a lot of potential
> avenues of attack and abuse?  Some of our co-located customers want to
> have it installed so they can do some root-privileged stuff, instead
> of getting us to do it all the time (even though that's what they pay
> us to do).

We use sudo here at the office. It can be useful, but you do have to be
_very_ careful with it. Allowing someone to sudo a vi session, for instance,
grants root access. (:!/bin/sh) There are of course many other more obscure
ways of getting a root shell as well, depending on what you allow in the
sudoers file. We've seen people even sudoing shell scripts that are world
writable, for instance.

As far as security holes are concerned, I have not heard of any, but that
doesn't mean they don't exist...

We use sudo more to keep our less educated users from requiring root for
basic things like enabling the print queues on the office printers, etc...
It's also handy for allowing regular admins to use their own shells and
environments for doing root type things if you can sudo a shell.

I personally wouldn't use it on a machine that has the possibility of housing
accounts of questionable integrity. It's easy to not be paying enough
attention to it, especially if you are a busy admin (is there any other
kind?).

--------------------------------------------------------------------
Peter Howlett                           Atlantic Systems Group
E-Mail: Peter.Howlett@ASG.unb.ca        Fredericton, N.B. Canada
http://www.ASG.unb.ca/personal/ph.html  Phone: (506) 447-3050
PGP Key ID: 60F2EEC1                    Fax: (506) 453-5004
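Added example, not part of the original message or of sudo itself: a small sudoers audit that flags the two problems the message describes, commands with a shell escape (vi and ":!/bin/sh") and targets that are world writable. The program lists, the simplified rule syntax, the sample rules and all function names are assumptions made for this example.

```python
import os
import re
import stat

# Assumed, non-exhaustive lists; the message's own example is vi with ":!/bin/sh".
SHELL_ESCAPE = {"vi", "vim", "view", "ex", "ed", "more", "less", "man"}
SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh"}

def parse_rules(text):
    """Yield (user, command path) from simple 'user host = cmd, cmd' lines."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        # Aliases and Defaults lines are skipped, not expanded.
        if "=" not in line or re.match(r"(\w+_Alias|Defaults)\b", line):
            continue
        who, rhs = line.split("=", 1)
        for cmd in rhs.split(","):
            # Drop a leading "(runas)" and tags such as "NOPASSWD:".
            cmd = re.sub(r"^\s*(\([^)]*\)\s*)?(\w+:\s*)*", "", cmd).strip()
            if cmd:
                yield who.split()[0], cmd.split()[0]

def world_writable(path):
    """True if the file, or its directory (without sticky bit), is world-writable."""
    try:
        if os.stat(path).st_mode & stat.S_IWOTH:
            return True
        mode = os.stat(os.path.dirname(path) or ".").st_mode
    except OSError:
        return False  # missing or unreadable target: not judged here
    return bool(mode & stat.S_IWOTH) and not mode & stat.S_ISVTX

def audit(text):
    """Return (user, command, reason) for each risky sudoers entry."""
    findings = []
    for user, path in parse_rules(text):
        name = os.path.basename(path)
        if path == "ALL" or name in SHELLS:
            findings.append((user, path, "root shell"))
        elif name in SHELL_ESCAPE:
            findings.append((user, path, "shell escape"))
        elif world_writable(path):
            findings.append((user, path, "world-writable target"))
    return findings

# Constructed sample rules, not taken from any real system.
SAMPLE = "alice ALL = /usr/bin/vi, /usr/sbin/lpc\nbob ALL = (root) NOPASSWD: /bin/csh\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against a copy of the real sudoers file, the same check also needs the host's aliases expanded by hand, since this parser skips them.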