"In the bad thing category, you could break your sudo config."
What do you mean by that?
Original Message
From: ludovic coues
To: whynot sudo
Subject: Re: What bad things could happen if we don't use sudoedit?
Date: Mon, 27 Apr 2015 18:52:56 +0200
> 2015-04-27 18:46 GMT+02:00 whynot sudo:
> > Hello list,
> >
> > We know it's safer* to use sudoedit, but what bad things can happen if we
> > have the following in sudoers?
> >
> > Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
> > foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
> >
> > Can the "foouser" escape to root prompt? - of course besides that he could
> > now edit the /etc/shadow file to put a custom pwd hash to the root user to
> > become root in about 3 seconds.
> >
> > Maybe some magic in .vimrc?
> >
> > * = sudo vi would run as root, but sudoedit would run as the given user, the
> > edited file will be copied before/after editing it.
> >
> > Thanks.
> >
>
>
>
> In the bad thing category, you could break your sudo config.
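
An added example, not part of the original thread: a small Python check that finds sudoers rules like the FOO alias quoted above, where an editor binary is granted directly instead of through sudoedit. The editor list, the `baruser` line and the simplified parsing (no line continuations, includes, or comma-separated Runas lists) are assumptions of this example.

```python
import re

# Editor basenames to flag; this set is an assumption of the example.
EDITORS = {"ed", "vi", "vim", "nano", "emacs"}
# Optional Runas spec "(root)" followed by tags such as "NOPASSWD: NOEXEC:".
PREFIX = re.compile(r"^(?:\([^)]*\)\s*)?(?:[A-Z_]+:\s*)*")
SKIP = re.compile(r"(Cmnd|User|Host|Runas)_Alias\b|Defaults\b")

# Constructed sample: the first two lines are the rule from the thread,
# the baruser line is a made-up sudoedit rule for contrast.
SAMPLE = """\
Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
baruser LOCALHOST = sudoedit /etc/hosts
"""

def audit_sudoers(text):
    """Return (user, path) pairs where an editor binary is granted directly."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    aliases, findings = {}, []
    # Pass 1: collect Cmnd_Alias definitions so user specs can be expanded.
    for l in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", l)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    # Pass 2: walk user specifications of the form "user host = [tags] cmds".
    for l in lines:
        if SKIP.match(l) or "=" not in l:
            continue
        who, rhs = l.split("=", 1)
        user = who.split()[0]
        for item in rhs.split(","):
            item = PREFIX.sub("", item.strip())
            if not item:
                continue
            for cmd in aliases.get(item, [item]):
                path = cmd.split()[0]
                # "sudoedit <file>" edits a copy as the invoking user: not flagged.
                if path != "sudoedit" and path.rsplit("/", 1)[-1] in EDITORS:
                    findings.append((user, path))
    return findings

if __name__ == "__main__":
    for user, path in audit_sudoers(SAMPLE):
        print(f"{user}: {path} runs as root; NOEXEC does not limit which files it can write")
```
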