Date: Mon, 19 Jul 1999 15:33:03 -0400 From: bill@twwells.com (T. William Wells) To: freebsd-questions@freebsd.org Subject: Re: how to watch the root user? Message-ID: <7mvubh$2hht$1@twwells.com> References: <7muo54$reg$1@twwells.com> <Pine.BSF.4.05.9907200015390.1033-100000@localhost.cgu.chel.su>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <Pine.BSF.4.05.9907200015390.1033-100000@localhost.cgu.chel.su>, Ilia Chipitsine <ilia@cgilh.chel.su> wrote: : sudo is also supposed to provide a restricted set of commands. : what is the difference between those shells and sudo ?! A "restricted shell" tries to be a complete shell, except that it supposedly only allows certain programs to run or the user to visit certain directories. That sort of thing. The thing is, it's usually possible to get around the restrictions. For example, a program that the user is allowed might allow the spawning of a shell and there's a good chance it'll spawn /bin/sh instead of $SHELL. And then there is echo 'gibberishthatexecs/bin/shell' >foo; chmod 775 foo; foo. The list of holes is endless. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7mvubh$2hht$1>