You make a good point, even if one of your examples is flawed:
$ sudo 'cat s >> /etc/sudoers'
sudo: cat s >> /etc/sudoers: command not found
sudo is a very useful tool in the type of situation described in this
thread. Even if you give everyone ALL=(ALL) ALL, it's better than su
or even .ssh/authorized_keys{,2} because of one thing in particular:
It's looooooooog! It's loooooooooog! It's big! It's heavy! It's wood!
Okay, so it's not really big or heavy, nor remotely wood. But it does
give you things like this to peer at later:
Jul 6 17:24:59 gobo sudo: vineet : TTY=pts/1 ; PWD=/tmp/ucspi-tcp ;
USER=root ; COMMAND=/usr/bin/dpkg -i
/home/vineet/ucspi-tcp_0.88-5_i386.deb
Jul 6 17:32:10 gobo sudo: vineet : TTY=pts/2 ; PWD=/etc/init.d ;
USER=root ; COMMAND=/etc/init.d/qmail restart
Which can be very useful. It's not foolproof by any means, and as you
demonstrate, can usually be trivially reduced to su, but it's better
as a *standard* way of doing things on a system on which multiple people
play root. If you can't trust those people, then you're screwed no
matter what tools you use.
Vineet
* Ethan Benson (erbenson@alaska.net) [010706 16:27]:
> On Fri, Jul 06, 2001 at 09:43:55AM -0500, Nathan E Norman wrote:
> >
> > OTOH if you restrict the user to a list of commands in /etc/sudoers,
> > it's wise to consider whether the user might be able to leverage one of
> > those commands to edit /etc/sudoers (or any other file). If you're
> > going to list "emacs" or "vi" in /etc/sudoers, you might as well just
> > list "ALL" :)
>
> or even seemingly innocuous things like less or even cat.
>
> sudo less anything
> !/bin/sh
> whoami
> r00t!
>
> echo me ALL=ALL > s
> sudo 'cat s >> /etc/sudoers'
>
> sudo is a very large cannon which is difficult to keep aimed away from
> the foot...
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
Attachment:
pgpPVp_406Pvj.pgp
Description: PGP signature