Re: sudoer security problem on server

To: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
Cc: debian-user@lists.debian.org
Subject: Re: sudoer security problem on server
From: Steve Kemp <skx@debian.org>
Date: Sun, 29 Mar 2009 15:05:30 +0100
Message-id: <[🔎] 20090329140530.GA23808@steve.org.uk>
In-reply-to: <[🔎] 49CF7AA5.60805@kalinowski.com.br>
References: <[🔎] 128a87f00903281724n65be5152o298441ee4c64f3a0@mail.gmail.com> <[🔎] 20090329003909.GX15287@n0nb.us> <[🔎] 49CF7AA5.60805@kalinowski.com.br>

On Sun Mar 29, 2009 at 10:41:57 -0300, Eduardo M KALINOWSKI wrote:

> This will allow them to run make as root. Not only they will be able to
> install anywhere (not only under /usr/local), but they can run any
> command by creating a Makefile that does what they want to do.

  Indeed.

> If one wants to restrict access to a directory, file permissions (or
> ACLs) are more efficient.

  Yes, and that is why the "staff" group exists.  See the permissions
 on /usr/local.  Bear in mind jumping from staff -> root isn't hard,
 but that is a separate issue.

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/

Reply to:

References:
- sudoer security problem on server
  - From: zhang zhengquan <zhang.zhengquan@gmail.com>
- Re: sudoer security problem on server
  - From: Nate Bargmann <n0nb@n0nb.us>
- Re: sudoer security problem on server
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>

Prev by Date: Re: sudoer security problem on server
Next by Date: Re: Consolechars Question
Previous by thread: Re: sudoer security problem on server
Next by thread: Re: sudoer security problem on server
Index(es):
- Date
- Thread