Problems with sudo

Matt Shields matt-urrlRJtNKRMsHrnhXWJB8w at public.gmane.org
Fri Nov 27 14:39:37 EST 2009


On Fri, Nov 27, 2009 at 2:24 PM, Matt Shields <matt-urrlRJtNKRMsHrnhXWJB8w at public.gmane.org> wrote:

> Is there anyone on the list that has some suggestions on securing sudo?
> For years we've used sudo to give our developers and qa access to production
> servers to run cat, less, more and tail to view logs, but nothing else.  But a
> recent know-it-all developer who seems to think that he shouldn't abide by
> rules has figured out that in less if you hit ! then /bin/bash he can get a
> root shell.  Anyone know of a way of forbidding dropping to shell from any
> of these applications?
>
> -matt
> http://www.sysadminvalley.com
> http://www.beantownhost.com
> http://www.linkedin.com/in/mattboston
> Mike Ditka <http://www.brainyquote.com/quotes/authors/m/mike_ditka.html> - "If God had wanted man to play soccer, he wouldn't have given us arms."


Ok, I found if I put the following in /etc/bashrc, then it will keep them
from using ! in less.  Any other suggestions for cat, more and tail?

LESSSECURE=1
export LESSSECURE


-matt
http://www.sysadminvalley.com
http://www.beantownhost.com
http://www.linkedin.com/in/mattboston
Pablo Picasso <http://www.brainyquote.com/quotes/authors/p/pablo_picasso.html> - "Computers are useless. They can only give you answers."
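
Added example, not part of the original message: sudoers has a NOEXEC tag that stops a dynamically linked command run through sudo from executing further programs, which covers the "!" escape in less and more. The script below audits sudoers text for rules that allow those two pagers without it; the group names and log path in the sample are constructed for illustration.

```shell
# Added example: list sudoers rules that let less or more run without NOEXEC.
# Limitations: no line continuations, aliases or #include files are followed.

# Constructed sample sudoers content (groups and paths are hypothetical).
sample_sudoers() {
cat <<'EOF'
Defaults env_reset
%developers ALL = (root) /usr/bin/less /var/log/app.log, /bin/cat /var/log/app.log
%qa ALL = (root) NOEXEC: /usr/bin/less /var/log/app.log, /usr/bin/tail /var/log/app.log
%ops ALL = (root) NOEXEC: /bin/cat /var/log/app.log, EXEC: /bin/more /var/log/app.log
EOF
}

audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^Defaults/ {
      # "Defaults noexec" applies NOEXEC everywhere unless EXEC: overrides it.
      if ($0 ~ /(^|[ \t,])noexec([ \t,]|$)/) dflt = 1
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      who = $1
      n = split(substr($0, eq + 1), items, ",")
      noexec = dflt
      for (i = 1; i <= n; i++) {
        item = items[i]
        gsub(/^[ \t]+|[ \t]+$/, "", item)
        sub(/^\([^)]*\)[ \t]*/, "", item)   # drop a Runas spec such as (root)
        # A tag stays in force for later commands in the same list.
        while (match(item, /^[A-Z_]+:[ \t]*/)) {
          tag = substr(item, 1, RLENGTH)
          if (tag ~ /^NOEXEC:/) noexec = 1
          else if (tag ~ /^EXEC:/) noexec = 0
          item = substr(item, RLENGTH + 1)
        }
        split(item, words, /[ \t]+/)
        cmd = words[1]
        sub(/^.*\//, "", cmd)                # keep only the program name
        if ((cmd == "less" || cmd == "more") && !noexec)
          print who ": " cmd " allowed without NOEXEC"
      }
    }
  '
}
sample_sudoers | audit_sudoers
```

To check a real policy, feed it the file instead of the sample, for example `audit_sudoers < /etc/sudoers` run as root.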




