Re: restricting command line arguments in sudo

To: debian users <debian-user@lists.debian.org>
Subject: Re: restricting command line arguments in sudo
From: Stephen Rueger <stephen.rueger@rechnerpost.org>
Date: Tue, 21 Jan 2003 23:21:19 +0100
Message-id: <[🔎] 20030121222119.GA12107@rechnerpost.org>
Mail-followup-to: debian users <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20030121112535.GA16113@fishbowl.madduck.net>
References: <[🔎] 20030121112535.GA16113@fishbowl.madduck.net>

On Tue, Jan 21, 2003 at 12:25:35PM +0100, martin f krafft wrote:
> when I allow something like this in sudo:
> 
>   /usr/bin/tail /var/log/*
> 
> I allow read-access to all of /var/log. However, I also allow read
> access to /etc/shadow:
> 
>   /usr/bin/tail /var/log/../../etc/shadow
> 
> does work. How can I best restrict that? I've tried


/usr/bin/tail/[^.]*


mfg,

Stephen Rüger

-- 
Jede Nation spottet über die andere, und alle haben recht.
-- Schopenhauer

Attachment: pgp0ceTUqDlIx.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: restricting command line arguments in sudo
  - From: Alexander Steinert <stony8@gmx.de>

References:
- restricting command line arguments in sudo
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: Own kernel doesn't work
Next by Date: Re: ASUS266-VM
Previous by thread: restricting command line arguments in sudo
Next by thread: Re: restricting command line arguments in sudo
Index(es):
- Date
- Thread