Re: VI wrapper for SUDO?
In message <20011202130232.N7108@wiggy.net>, Wichert Akkerman writes:
>Previously Ted Cabeen wrote:
>> However, thinking about it, this doesn't work. If you're editing as root, you
>> can use :e to switch to editing a SUID root file (any one you can write to
>> will work), delete the entire contents, and then use :r to bring in the
>> /bin/sh executable.
>
>But you can restrict the file to edit in your sudoers file anyway so
>that trick won't work.

You can restrict the command line arguments with sudo, but you can't actually
restrict vi to only allow one specific file to be edited. Even basic vi
allows you to use the :e command to change which file you're editing.

When it comes down to it, allowing someone to edit a file as root allows them
to edit any file as root. I think the edit as the user and then copy into
place strategy is the only one that really works, and even it is restricted
to files in directories the user doesn't have write access to.

--
Ted Cabeen http://www.pobox.com/~secabeen ted@impulse.net
Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen@pobox.com
"I have taken all knowledge to be my province." -F. Bacon secabeen@cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot cabeen@netcom.com
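
The edit-as-the-user-then-copy-into-place strategy from the message above, as an added example that is not part of the original message: the editor runs unprivileged on a private copy, and only a separate install step is privileged. `INSTALL_CMD`, its default helper path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Edit as the user, then copy into place: the editor never runs as root, so
# :e and :r inside it act with the user's own permissions only.
# INSTALL_CMD is an assumption: a hypothetical site-specific helper, run via
# sudo, that takes <edited copy> <target> and accepts only approved targets.
INSTALL_CMD=${INSTALL_CMD:-"sudo /usr/local/sbin/install-edited"}

# Caveat from the message: the scheme only holds when the user cannot write
# to the target's directory. Returns 0 when that is the case.
target_dir_locked() {
    [ ! -w "$(dirname "$1")" ]
}

# Copy the target to a private temp file, edit the copy unprivileged, and
# hand it to INSTALL_CMD only if it changed.
# Returns 0 installed, 1 error, 2 refused, 3 unchanged.
edit_then_install() {
    target=$1
    if ! target_dir_locked "$target"; then
        echo "refused: directory of $target is writable by the invoking user" >&2
        return 2
    fi
    tmpdir=$(mktemp -d) || return 1      # mode 0700, private to the user
    copy=$tmpdir/$(basename "$target")
    rc=1
    if cp -- "$target" "$copy" && ${EDITOR:-vi} "$copy"; then
        if cmp -s "$target" "$copy"; then
            rc=3                         # nothing changed, nothing to install
        elif $INSTALL_CMD "$copy" "$target"; then
            rc=0                         # the only step that ran privileged
        fi
    fi
    rm -rf -- "$tmpdir"
    return "$rc"
}

# Stand-alone use: ./script /path/to/file
if [ "$#" -eq 1 ]; then
    edit_then_install "$1"
fi
```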