* Jonathan A. Zdziarski wrote on Mon, Jul 16, 2001 at 12:04 -0400:
> If, however, you are looking for a good way to allow someone to
> edit files using sudo, and have already rejected the idea of
> using groups or acls, consider 'elvis'.
When you have a file writeable by root only, there's no ne
These kinds of issues with sudo have been around for years. Even if you
deleted vi from the system, you can still do anything you want if you have
root privs to the right binaries:
tar: (to perform backups, etc) Untar a new password file overwriting the
old, or untar a setuid root shell leaving
On Wed, 11 Jul 2001, EnGarde Secure Linux wrote:
> privileges by leveraging certain commands.
>
>
> DETAIL
> - --
> Ralf Hemmann has, via the engarde-users mailing list, brought a security
> issue with our default /etc/sudoers file to our attention.
>
> In EnGarde Secure Linux, user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| EnGarde Secure Linux Security Advisory July 11, 2001 |
| http://www.engardelinux.org/ ESA-20010711-02 |
|