On Fri, Sep 15, 2000 at 03:47:48PM -0700, kmself@ix.netcom.com wrote: > > But you've got zero control of commands available, and no logging of > what commands are being run as root.
true, but this goes back to my original comment that allowing a user
account to run anything as sudo does nothing but turn it into another
root account, if you want the granularity, loging and control you
mention you have to take GREAT care in what you let a `sudoer' do,
otherwise he can just run `sudo bash' and there goes your loging, and
granularity right there. or something more insidious like this:
sudo emacs
M-x shell
the same works with vi and loads of other editors.
even something as seemingly simple as `sudo make install' all one
would have to do is create the following Makefile anywhere and run
`sudo make install' to get a suid rootshell:
install:
install -o root -g evil -m 4750 /bin/bash /dev/.sh
> > also if Nate was really evil/disgrunteled he may have installed a
> > rootkit or backdoor before he was canned. in which case sudo or not
> > your screwed anyway ;-)
>
> Modulo: if you suspect this up front, you can throttle his access in an
> instant, *without* disrupting the rest of the team.
assuming he didn't already get the chance to install a backdoor. in
which case its reinstall time.
> Without the granularity of control by user and command, and logging.
yes but see above. (i think we are talking about different things, i
am talking about giving another admin full root privileges, where your
talking about giving a admin or assistent just very partial restricted
access)
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgp1ZzyvDTXMQ.pgp
Description: PGP signature
