Date:      Sat, 28 Apr 2012 19:53:30 -0400
From:      Jason Hellenthal <jhellenthal@dataix.net>
To:        Freddie Cash <fjwcash@gmail.com>
Cc:        Kurt Jaeger <lists@opsec.eu>, freebsd-stable@freebsd.org
Subject:   Re: Restricting users from certain privileges
Message-ID:  <20120428235330.GA38601@DataIX.net>
In-Reply-To: <CAOjFWZ49y0d9oZTNqrwqAv-Yg0JioRckU1zEBXm-RdJ9RRKq0w@mail.gmail.com>
References:  <CACuV5sCyCgn8aBawTEP=BT%2B%2B4Ut4kPt8fXSq%2BgcS2YrkZaU%2BJw@mail.gmail.com> <E1SO2ER-000K66-8k@kabab.cs.huji.ac.il> <CACuV5sCHmnUnXTTY%2BkGqszi-Ynu8Vr3bf%2BLALf=yQbhHPXSdXA@mail.gmail.com> <4F9BBABA.6040708@rdtc.ru> <0F37A1B9-993B-4A4E-9FCC-8B19AADCFB72@punkt.de> <20120428102117.GX37811@e-new.0x20.net> <20120428180431.GP5335@home.opsec.eu> <20120428230214.GA34324@DataIX.net> <CAOjFWZ49y0d9oZTNqrwqAv-Yg0JioRckU1zEBXm-RdJ9RRKq0w@mail.gmail.com>



On Sat, Apr 28, 2012 at 04:34:34PM -0700, Freddie Cash wrote:
> On Apr 28, 2012 4:03 PM, "Jason Hellenthal" <jhellenthal@dataix.net> wrote:
> > cp /usr/bin/vi ~/
> >
> > or upload your own...
> >
> > sudo $HOME/vi
> >
> 
> If your Cmnd_Alias includes the full path to vi, then your last command
> won't work.

I know. Just an example of why you should be careful. I had an admin on
a box I supervise add an entry where it enabled a user to run
miscellaneous commands. It did not affect anything since the user is well
trusted but if it had been the other way around and had not been caught
the sheer consequence of such could have been disastrous.

-- 

 - (2^(N-1))
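
Added example, not part of the original message and not code from sudo: a small Python check that flags sudoers command specs loose enough for the `sudo $HOME/vi` case quoted above to succeed, while leaving a full-path `Cmnd_Alias` alone. The `USER_WRITABLE` list, the function names and the sample rules are assumptions constructed for illustration.

```python
import re

# Assumption: locations an unprivileged user can usually write to.
USER_WRITABLE = ("/home/", "/usr/home/", "/tmp/", "/var/tmp/")

def classify(cmd):
    """Return a reason string if the command spec is risky, else None."""
    path = cmd.split()[0]
    if path == "ALL":
        return "ALL permits any command, including a copied binary"
    if path.endswith("/"):
        return "directory spec permits every file in it"
    if re.search(r"[*?\[]", path):
        return "wildcard in the command path"
    if path.startswith(USER_WRITABLE):
        return "binary lives where the user can replace it"
    return None  # fixed absolute path or alias reference

def audit_sudoers(text):
    """Return (line_no, command, reason) per risky spec; one rule per line, no continuations."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("Defaults"):
            continue
        spec = line.split("=", 1)[1]
        spec = re.sub(r"\([^)]*\)", "", spec)       # drop (runas) lists
        spec = re.sub(r"\b[A-Z_]+:", "", spec)      # drop tags such as NOPASSWD:
        for cmd in filter(None, (c.strip() for c in spec.split(","))):
            reason = classify(cmd)
            if reason:
                findings.append((no, cmd, reason))
    return findings

# Constructed sample rules, not taken from the thread.
SAMPLE = """\
Cmnd_Alias EDIT = /usr/bin/vi /etc/motd
Cmnd_Alias MISC = /usr/local/bin/, /home/alice/vi
alice ALL = EDIT
bob   ALL = (root) NOPASSWD: ALL
carol ALL = MISC, /usr/sbin/*
"""

if __name__ == "__main__":
    for no, cmd, reason in audit_sudoers(SAMPLE):
        print(f"line {no}: {cmd!r}: {reason}")
```
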


