Steven Stern wrote: > I keep meaning to edit the sudo config files to block things like > > sudo su - > sudo bash > > but I get lazy. Someday, this will bite me in the ***. Note for anyone considering this: it’s virtually impossible to make this watertight, because there are too many ways for someone to get around it. For example, what happens if someone creates a bash script and then runs it with sudo? Can people make sudo-run programs overwrite a program that they can then run with sudo, or a program that root will run normally? Can programs on the list be persuaded to run an editor or a shell? You really need to start with a very short whitelist, and add to it as required. James. -- E-mail: james@ | It is a mistake to allow any mechanical object to realise aprilcottage.co.uk | that you are in a hurry. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
