Re: Sudo question OT-reply (severely OT)

To: Johann Spies <jspies@sun.ac.za>
Cc: debian-security@lists.debian.org
Subject: Re: Sudo question OT-reply (severely OT)
From: Daniel Swärd <excds@kth.se>
Date: Fri, 08 Jul 2005 14:14:51 +0200
Message-id: <[🔎] 1120824892.30413.27.camel@localhost.localdomain>
In-reply-to: <[🔎] 20050708113649.GA1297@sun.ac.za>
References: <[🔎] 20050708085720.GF25947@sun.ac.za> <[🔎] 874qb5tvh7.fsf@deneb.enyo.de> <[🔎] 20050708113649.GA1297@sun.ac.za>

On Fri, 2005-07-08 at 13:36 +0200, Johann Spies wrote:
> On Fri, Jul 08, 2005 at 12:58:44PM +0200, Florian Weimer wrote:
> > * Johann Spies:
> > 
> > > alias specification Cmnd_Alias BACKUP =
> > > /opt/tivoli/tsm/client/ba/bin/dsm, \
> > > /opt/tivoli/tsm/client/ba/bin/dsmadmc, \
> > > /opt/tivoli/tsm/client/ba/bin/dsmc, \
> > > /opt/tivoli/tsm/client/ba/bin/dsmagent,\
> > > /opt/tivoli/tsm/client/ba/bin/dsmcad,\
> > > /opt/tivoli/tsm/client/ba/bin/dsmj,\
> > > /opt/tivoli/tsm/client/ba/bin/dsmtca 
> > >
> > > # User privilege specification
> > > RUGSTEUN  ALL= (root) BACKUP
> > > ============================
> > 
> > IIRC, the TSM command line clients suffer from several buffer
> > overflows, so this is roughly equivalent to giving away full root
> > access.
> 
> In theory, yes.  At least the person who is able to do this is a
> fellow administrator in my department.
> 
> What alternatives are there?

Kill him and replace him with a small shell script. ;-)

	/Daniel
-- 
File not found. Should I fake it (y/n)?

Reply to:

References:
- Sudo question
  - From: Johann Spies <jspies@sun.ac.za>
- Re: Sudo question
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Sudo question
  - From: Johann Spies <jspies@sun.ac.za>

Prev by Date: Re: Sudo question
Next by Date: Re: Debian Security Support in Place
Previous by thread: Re: Sudo question
Next by thread: Re: Debian Security Support in Place
Index(es):
- Date
- Thread