su: blacklist users
Michael Hipp
michael
Fri May 26 20:29:22 PDT 2006
> From: "Dominic Lepiane" <archangel at nibble.bz>
> Tim and I have had a little discussion. Words were said, I was upset, but in
> conclusion:
>
> Using sudo for "limited" access DOES NOT WORK, don't listen to Tim.
>
> sudo can be used to grant full root access but nothing less so don't assume it
> does. That said, if you're in a small single-user environment (e.g. at
> home), sudo can be used to make admin tasks easier, like editing config files
> or installing packages. Do not do that in multi-user environments. Please.
Can you elaborate? Is sharing the root password among multi users somehow preferable to using sudo? Or is there some third alternative?
> P.S. If you have any doubts, please message Tim or I off the list. Since the
> argument involves an example exploit, I will not post the argument to the
> list and don't think I'll give you the exploits for free either. I'm not a
> cracker, I'm a *very* concerned system administrator.
Have you perchance shared this exploit with the authors of sudo?
Michael
More information about the Linux-users
mailing list