[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricting command line arguments in sudo



On Wed, Jan 22, 2003 at 08:41:23AM +0100, Alexander Steinert wrote:

[ stupid advice snipped ]
 
> /usr/bin/tail /var/log/[^.]*
> will prevent
> sudo tail /var/log/../../etc/shadow
> but not
> sudo tail /var/log/apache/../../../etc/shadow
> :-(

Hrm, thanks for catching that.
 
> I have no better idea.

Either hardcoding everything in /etc/sudoers or using a wrapper
script/program, it really doesn't look like there's another way.

mfg,

Stephen Rüger

-- 
Jede Nation spottet über die andere, und alle haben recht.
-- Schopenhauer

Attachment: pgp6UXHw8HvyP.pgp
Description: PGP signature


Reply to: