
Re: If you care about debian's security read this



On Sun, Mar 03, 2002 at 08:57:27PM +0100, joy wrote:
> > I've reported a grave bug on gnome-sudo because it will let you run
> > anything as root when you configure it to be useful, even if you don't
> > have ways of doing that with normal sudo
> 
> Jeff Licquia wrote:
> > Yes, gnome-sudo can be made to run any command - IF you grant a user
> > permission to run gnome-sudo in the first place!  If you give the user
> > permission to run emacs from sudo, it can spawn a root shell too.
> 
> Gustavo Noronha Silva wrote:
> > a user installs gnome-sudo and the README says (well, it doesn't at all,
> > so I don't think a user will be able to run gnome-sudo...) that you must
> > allow the user to run /usr/lib/gnome-sudo/gnome-sudo-helper with sudo to
> > use gnome-sudo
> 
> According to what Gustavo is saying, the package incites the admin to do
> something that conflicts with the contents of their sudoers file. Is that
> true or not?

Ah, I read a bit better now and noticed:

 kov     ALL = (root)

So it's not that serious indeed.

-- 
     2. That which causes joy or happiness.


