On Fri, Jul 13, 2001 at 10:52:09AM +0200, Anders Gjære wrote:
> does sudo by default allow the sudo-user to run every program,
> or just the program you specify?
>
> how will sudo work if you use the "time" command?
>
> like "time vim /etc/passwd"
before asking these questions try reading the sudo a
also sprach Anders Gjære (on Fri, 13 Jul 2001 10:52:09AM +0200):
> does sudo by default allow the sudo-user to run every program,
> or just the program you specify?
the latter, of course.
> how will sudo work if you use the "time" command?
> like "time vim /etc/passwd"
if you allow time with arbitra
PROTECTED]
Sent: 13. juli 2001 10:45
To: debian-security@lists.debian.org
Subject: Re: Sudo and Chown?
On Thu, Jul 12, 2001, Ethan Benson wrote:
> i am not certain that would solve it entirely though, how are you
> restricting them to only chown files in a certain directory?
Just an idea.. does
hi ya
in sudo.conf ... you define what commands users can run as root...
so as long as chown is not listed... they can't "chown" anything sitting
anywhere
c ya
alvin
On Fri, 13 Jul 2001, Michel Kaempf wrote:
> On Thu, Jul 12, 2001, Ethan Benson wrote:
> > i am not certain that would solve it en
On Thu, Jul 12, 2001, Ethan Benson wrote:
> i am not certain that would solve it entirely though, how are you
> restricting them to only chown files in a certain directory?
Just an idea.. does your sudoers file protect you from attacks like the
one below?
sudo chown /place/chown/is/allowed/../../
* Jason Healy ([EMAIL PROTECTED]) [010712 17:23]:
>
> chmod/chown are extremely dangerous binaries to give root privs on, as
> they essentially give you the ability to setuid anything to root.
> That said, most binaries can be dangerous when given root privs (bash,
> cat, echo, rm, cp, mv, tar).
>
* Siggy Brentrup ([EMAIL PROTECTED]) [010712 17:13]:
>
> Assuming the file resides on an ext2 fs, consider chattr +i, even root
> can't create a hardlink nor modify the file without removing the
> immutable attribute.
>
...but making all files in the filesystem immutable (minus those that
shou
On Thu, 12 Jul 2001, Ethan Benson wrote:
> define `it'
'it' can, nonetheless :)
--
[-]
"you're wasting my time, chatterbox."
On Fri, Jul 13, 2001 at 01:40:41AM +0200, Tamas TEVESZ wrote:
> On Thu, 12 Jul 2001, Ethan Benson wrote:
>
> > ln -s / /place/chown/is/allowed/foo
> > sudo chown /place/chown/is/allowed/foo/etc/passwd
>
> it doesn't follow symlinks
define `it'
--
Ethan Benson
http://www.alaska.net/~erbenson
At 994972732s since epoch (07/12/01 19:18:52 -0400 UTC), Paul Socolow wrote:
> I would like to give a user the ability to chown files in certain
> directories to other users' ownership.
As per earlier discussions about sudo, it's very difficult to give
'limited' sudo access.
Even if you fix the ha
Paul Socolow <[EMAIL PROTECTED]> writes:
> I would like to give a user the ability to chown files in certain
> directories to other users' ownership.
>
> I have configured sudo to limit the users and files that can be specified
> for this operation, but there is still one loophole that bugs me:
>
On Thu, 12 Jul 2001, Ethan Benson wrote:
> ln -s / /place/chown/is/allowed/foo
> sudo chown /place/chown/is/allowed/foo/etc/passwd
it doesn't follow symlinks
--
[-]
"you're wasting my time, chatterbox."
On Thu, Jul 12, 2001 at 04:18:52PM -0700, Paul Socolow wrote:
> I would like to give a user the ability to chown files in certain
> directories to other users' ownership.
>
> I have configured sudo to limit the users and files that can be specified
> for this operation, but there is still one looph
26 matches