From owner-freebsd-questions@FreeBSD.ORG  Thu Dec 29 11:47:04 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 606FA106564A
	for <freebsd-questions@freebsd.org>;
	Thu, 29 Dec 2011 11:47:04 +0000 (UTC)
	(envelope-from jmc-freebsd2@milibyte.co.uk)
Received: from avasout07.plus.net (avasout07.plus.net [84.93.230.235])
	by mx1.freebsd.org (Postfix) with ESMTP id B6FFD8FC08
	for <freebsd-questions@freebsd.org>;
	Thu, 29 Dec 2011 11:47:03 +0000 (UTC)
Received: from curlew.milibyte.co.uk ([84.92.153.232]) by avasout07 with smtp
	id Ezn01i007516WCc01zn1yS; Thu, 29 Dec 2011 11:47:01 +0000
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.0 cv=KLrY/S5o c=1 sm=1 a=lfSX4pPLp9EkufIcToJk/A==:17
	a=rLpCYgkgFLgA:10 a=ZTb9aqGL9YkA:10 a=8nJEP1OIZ-IA:10
	a=WxvX87kmRgQkkSVV4FoA:9 a=wPNLvfGTeEIA:10
	a=lfSX4pPLp9EkufIcToJk/A==:117
Received: by curlew.milibyte.co.uk with local (Exim 4.77)
	(envelope-from <jmc-freebsd2@milibyte.co.uk>) id 1RgERo-000160-8Z
	for freebsd-questions@freebsd.org; Thu, 29 Dec 2011 11:47:00 +0000
From: Mike Clarke <jmc-freebsd2@milibyte.co.uk>
To: freebsd-questions@freebsd.org
Date: Thu, 29 Dec 2011 11:46:59 +0000
User-Agent: KMail/1.9.10
References: <CA+Ne_iJfFK43CE+L2LHcqNSmv7AmRDYyAu4pXGFpd3QB+y3p2w@mail.gmail.com>
	<20111229105847.e15848ba.freebsd@edvax.de> <4EFC3FA3.1060603@my.gd>
In-Reply-To: <4EFC3FA3.1060603@my.gd>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <201112291147.00042.jmc-freebsd2@milibyte.co.uk>
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: jmc-freebsd2@milibyte.co.uk
X-SA-Exim-Scanned: No (on curlew.milibyte.co.uk);
	SAEximRunCond expanded to false
Subject: Re: OT: Root access policy
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2011 11:47:04 -0000

On Thursday 29 December 2011, Damien Fleuriot wrote:

[snip]

> "sudo su -" or "sudo sh" and the customer gets a native root shell
> which does *not* log commands !

[snip]

> Say the customer can sudo commands located in
> /usr/local/libexec/CUSTOMER/
>
> All he has to do is write a simple link to sh/bash, and sudo it.

But if it's possible to determine exactly what commands the customer 
needs to run as root then putting suitable incantations 
into /usr/local/etc/sudoers should prevent the customer from being able 
to use tricks like that.

-- 
Mike Clarke