Re: restricting command line arguments in sudo

2003-01-22 Thread Stephen Rueger
On Wed, Jan 22, 2003 at 08:41:23AM +0100, Alexander Steinert wrote:
[ stupid advice snipped ]
> /usr/bin/tail /var/log/[^.]*
> will prevent
> sudo tail /var/log/../../etc/shadow
> but not
> sudo tail /var/log/apache/../../../etc/shadow
> :-(

Hrm, thanks for catching that.

> I have no better i

Re: restricting command line arguments in sudo

2003-01-21 Thread Alexander Steinert
> > I allow read-access to all of /var/log. However, I also allow read
> > access to /etc/shadow:
> >
> > /usr/bin/tail /var/log/../../etc/shadow
> >
> > does work. How can I best restrict that? I've tried
> > > /usr/bin/tail/[^.]*

/usr/bin/tail /var/log/[^.]*
will prevent
sudo tail /var/log

Re: restricting command line arguments in sudo

2003-01-21 Thread Stephen Rueger
On Tue, Jan 21, 2003 at 12:25:35PM +0100, martin f krafft wrote:
> when I allow something like this in sudo:
>
> /usr/bin/tail /var/log/*
>
> I allow read-access to all of /var/log. However, I also allow read
> access to /etc/shadow:
>
> /usr/bin/tail /var/log/../../etc/shadow
>
> does work
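
The point raised in this thread, as an added example that is not part of any poster's message: a glob whose `*` also matches `/` accepts the deeper `..` path even with the `[^.]` guard, while a check on the canonicalized path rejects it. The function names, the temporary directory tree standing in for /var/log and /etc/shadow, and the use of `readlink -f` are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and the temporary tree are hypothetical.

# glob_allows PATTERN PATH: true when PATH matches PATTERN as one string,
# with '*' free to match '/' (shell 'case' matching behaves this way).
glob_allows() {
    case "$2" in
        $1) return 0 ;;
    esac
    return 1
}

# under_base BASE PATH: true only when PATH, after '..' and symlinks are
# resolved, lies below BASE. Returns 2 if either path cannot be resolved.
under_base() {
    ub_base=$(readlink -f -- "$1") || return 2
    ub_target=$(readlink -f -- "$2") || return 2
    case "$ub_target" in
        "$ub_base"/*) return 0 ;;
    esac
    return 1
}

# make_tree: build a constructed stand-in for /var/log and /etc/shadow
# under a fresh temporary directory and print that directory.
make_tree() {
    mt_root=$(mktemp -d) || return 1
    mkdir -p "$mt_root/var/log/apache" "$mt_root/etc"
    : > "$mt_root/var/log/apache/access.log"
    : > "$mt_root/etc/shadow"
    printf '%s\n' "$mt_root"
}

root=$(make_tree) || exit 1
pattern="$root/var/log/[!.]*"    # POSIX spelling of the thread's [^.]
for p in "$root/var/log/apache/access.log" \
         "$root/var/log/../../etc/shadow" \
         "$root/var/log/apache/../../../etc/shadow"; do
    if glob_allows "$pattern" "$p"; then g=match; else g=no-match; fi
    if under_base "$root/var/log" "$p"; then c=inside; else c=outside; fi
    printf '%-9s %-8s %s\n' "$g" "$c" "${p#"$root"}"
done
rm -rf "$root"
```

A wrapper script that runs a check like `under_base` before calling tail, with only the wrapper listed in sudoers, is one way to apply the canonical-path test.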