The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security
Reload this Page sudo question
Google UNIX.COM
Forums Portal Register Forum Rules FAQContribute Members List Arcade Search Today's Posts Mark Forums Read



Thread: sudo question
View Single Post in UNIX Forums - Click on the Thread or Permalink to View Entire Thread -->
  #3 (permalink)  
Old 04-16-2008
melias melias is offline
Registered User
  

Join Date: Oct 2007
Posts: 14
Thanks for the reply, but I'm still uncertain.

The issue I want to stop is as follows:

A user makes a copy of /usr/bin/bash and renames it to /home/user/not_bash.

Since the copy has been done under the user's account, and not via sudo, there's no checking to see whether the command is allowed or not. Bash executable has read access for everyone, so making a copy of it is not restricted.

Now, what's to stop the user from executing the following:

sudo /home/user/not_bash (or any other name)

to elevate themselves to root?

I do not want to specify every individual command the user is allowed to run via sudo as I would need to list the majority of o/s commands as I want users to be able to perform most system commands, just not be able to elevate to the root account (or any other user's, for that matter).
Reply With Quote