 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Fri, Nov 27, 2009 at 2:24 PM, Matt Shields <matt-urrlRJtNKRMsHrnhXWJB8w at public.gmane.org> wrote: > Is there anyone on the list that has some suggestions on securing sudo? > For years we've used sudo to give our developers and qa access to production > servers run cat, less, more and tail to view logs, but nothing else. But a > recent know it all developer who seems to think that he shouldn't abide by > rules has figured out that in less if you hit ! then /bin/bash he can get a > root shell. Anyone know of a way of forbidding dropping to shell from any > of these applications? > > -matt > http://www.sysadminvalley.com > http://www.beantownhost.com > http://www.linkedin.com/in/mattboston > Mike Ditka <http://www.brainyquote.com/quotes/authors/m/mike_ditka.html> - "If God had wanted man to play soccer, he wouldn't have given us arms." Ok, I found if I put the following in /etc/bashrc, then it will keep them from using ! in less. Anything other suggestions for cat, more and tail? LESSSECURE=1 export LESSSECURE -matt http://www.sysadminvalley.com http://www.beantownhost.com http://www.linkedin.com/in/mattboston Pablo Picasso<http://www.brainyquote.com/quotes/authors/p/pablo_picasso.html> - "Computers are useless. They can only give you answers."
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
