From owner-freebsd-stable@FreeBSD.ORG  Sat Apr 28 23:53:34 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7B4F9106566C
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 23:53:34 +0000 (UTC)
	(envelope-from jhellenthal@dataix.net)
Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com
	[209.85.210.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 2967B8FC0A
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 23:53:34 +0000 (UTC)
Received: by iahk25 with SMTP id k25so3603780iah.13
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 16:53:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa;
	h=date:from:to:cc:subject:message-id:references:mime-version
	:content-type:content-disposition:in-reply-to;
	bh=/psRitIdR9RgWt7hMc142IheGYerBzpk+p0UxLJ07ao=;
	b=CkE60pTiZRsXSNVZ+YXN/jB0la9Ix0ObC81Mt+fFv39oRzTkr1AROBAHihL362Cu3/
	Bj9GSVNZvR13QykZUvGSpwLM5Mg9a4QykcMfAeP1JZvHQIop9btdYOIFthIvPoLJwX3l
	oLgZo9GAVHXnHwwktAj6VC6+1M60rl180UqsY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=date:from:to:cc:subject:message-id:references:mime-version
	:content-type:content-disposition:in-reply-to:x-gm-message-state;
	bh=/psRitIdR9RgWt7hMc142IheGYerBzpk+p0UxLJ07ao=;
	b=Jt4J94QW5JspzSnW8haqK6ptVX0rRrjjJd4Ho8eNkGIvcDIbQ+0FNweTe7/am7r6C9
	m/0ZP51KGMQVz62p5ZCeQFEJ+6KikfFjvBReLr4vvhZIM+3ngSPiIa7P1B38YARV0p/n
	TORkSeM4qBNEpoaEuFR/ZRESSP8MSBOgfi80v2NtXjiX1kt7w1sbRGy17oJgww+CQSPh
	bYwTH0CaN4gAxdQrEs1iqpNFnSxr75Z4Es+W8B+0WCyqP8iKpkQ2ExsD1P/uminA1tru
	+j/fHv8OY0L+7Sjzoy1GILrB9teZhZvSuulFIEQjUdYtjknFwTeH9UQdfnZEvnqrVJ8/
	P+PA==
Received: by 10.50.190.197 with SMTP id gs5mr6805321igc.37.1335657213805;
	Sat, 28 Apr 2012 16:53:33 -0700 (PDT)
Received: from DataIX.net (adsl-99-181-146-133.dsl.klmzmi.sbcglobal.net.
	[99.181.146.133])
	by mx.google.com with ESMTPS id a10sm8678228igj.10.2012.04.28.16.53.32
	(version=TLSv1/SSLv3 cipher=OTHER);
	Sat, 28 Apr 2012 16:53:33 -0700 (PDT)
Received: from DataIX.net (localhost [127.0.0.1])
	by DataIX.net (8.14.5/8.14.5) with ESMTP id q3SNrVFX038658
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sat, 28 Apr 2012 19:53:31 -0400 (EDT)
	(envelope-from jhellenthal@DataIX.net)
Received: (from jhellenthal@localhost)
	by DataIX.net (8.14.5/8.14.5/Submit) id q3SNrVLM038657;
	Sat, 28 Apr 2012 19:53:31 -0400 (EDT)
	(envelope-from jhellenthal@DataIX.net)
Date: Sat, 28 Apr 2012 19:53:30 -0400
From: Jason Hellenthal <jhellenthal@dataix.net>
To: Freddie Cash <fjwcash@gmail.com>
Message-ID: <20120428235330.GA38601@DataIX.net>
References: <CACuV5sCyCgn8aBawTEP=BT++4Ut4kPt8fXSq+gcS2YrkZaU+Jw@mail.gmail.com>
	<E1SO2ER-000K66-8k@kabab.cs.huji.ac.il>
	<CACuV5sCHmnUnXTTY+kGqszi-Ynu8Vr3bf+LALf=yQbhHPXSdXA@mail.gmail.com>
	<4F9BBABA.6040708@rdtc.ru>
	<0F37A1B9-993B-4A4E-9FCC-8B19AADCFB72@punkt.de>
	<20120428102117.GX37811@e-new.0x20.net>
	<20120428180431.GP5335@home.opsec.eu>
	<20120428230214.GA34324@DataIX.net>
	<CAOjFWZ49y0d9oZTNqrwqAv-Yg0JioRckU1zEBXm-RdJ9RRKq0w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAOjFWZ49y0d9oZTNqrwqAv-Yg0JioRckU1zEBXm-RdJ9RRKq0w@mail.gmail.com>
X-Gm-Message-State: ALoCoQnpsRSf0Gu4wlgJdvwLp00pOIuoJb1+hxw+vVK+Kh3kq2iVxxcxajryKw2CojlxaCXz4DkF
Cc: Kurt Jaeger <lists@opsec.eu>, freebsd-stable@freebsd.org
Subject: Re: Restricting users from certain privileges
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Apr 2012 23:53:34 -0000



On Sat, Apr 28, 2012 at 04:34:34PM -0700, Freddie Cash wrote:
> On Apr 28, 2012 4:03 PM, "Jason Hellenthal" <jhellenthal@dataix.net> wrote:
> > cp /usr/bin/vi ~/
> >
> > or upload your own...
> >
> > sudo $HOME/vi
> >
> 
> If your Cmnd_Alias includes the full path to vi, then your last command
> won't work.

I know. Just an example of why you should be careful. I had an admin on
a box I supervise add an entry where it enabled a user to run
miscelaneous commands. It did not effect anything since the user is well
trusted but if it had been the other way around and had not be caught
the sheer consequence of such could have been disasterous.

-- 

 - (2^(N-1))