Re: If you care about debian's security read this

To: 134521@bugs.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: If you care about debian's security read this
From: Josip Rodin <joy@cibalia.gkvk.hr>
Date: Sun, 3 Mar 2002 20:57:27 +0100
Message-id: <[🔎] 20020303195727.GA23881@cibalia.gkvk.hr>
In-reply-to: <[🔎] 20020303081334.6e250e51.kov@debian.org>
References: <[🔎] 20020303081334.6e250e51.kov@debian.org>

On Sun, Mar 03, 2002 at 08:13:34AM -0300, Gustavo Noronha Silva wrote:
> I've reported a grave bug on gnome-sudo because it will let you run
> anything as root when you configure it to be useful, even if you don't
> have ways of doing that with normal sudo

Jeff Licquia wrote:
> Yes, gnome-sudo can be made to run any command - IF you grant a user
> permission to run gnome-sudo in the first place!  If you give the user
> permission to run emacs from sudo, it can spawn a root shell too.

Gustavo Noronha Silva wrote:
> a user installs gnome-sudo and the README says (well, it doesn't at all,
> so I don't think a user will be able to run gnome-sudo...) that you must
> allow the user to run /usr/lib/gnome-sudo/gnome-sudo-helper with sudo to
> use gnome-sudo

According to what Gustavo is saying, the package incites the admin to do
something that conflicts with the contents of their sudoers file. Is that
true or not?

-- 
     2. That which causes joy or happiness.

Reply to:

Follow-Ups:
- Re: If you care about debian's security read this
  - From: Josip Rodin <joy@cibalia.gkvk.hr>

References:
- If you care about debian's security read this
  - From: Gustavo Noronha Silva <kov@debian.org>

Prev by Date: Re: unalligned sparc memory access problem (memcpy vs bcopy)
Next by Date: Re: Removed packages (kfilereplace, geheimnis, ...)
Previous by thread: Re: If you care about debian's security read this
Next by thread: Re: If you care about debian's security read this
Index(es):
- Date
- Thread