Berthold Cogel <cogel@uni-koeln.de> wrote:
> We're doing somthing like this in /etc/sudoers:
> Cmnd_Alias SHELLS = /bin/sh, \
> /bin/bash, \
[...]
> TRUSTED_USR ALL = NOPASSWD: ALL ,!SHELLS, NOROOT
Surely this breaks trivially?
ln -s /bin/bash /tmp/somethingelse
sudo /tmp/somethingelse
Chris