>>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:

Ethan> or even seemingly innocuous things like less or even cat.

Less is a problem, yes, as is anything else with a shell escape.

Ethan> sudo less anything
Ethan> !/bin/sh
Ethan> whoami
Ethan> r00t!

Ethan> echo me ALL=ALL > s
Ethan> sudo 'cat s >> /etc/sudoers'

Doesn't work.  The >> is a shell redirection, but sudo doesn't
evaluate in a shell.

$ echo me ALL=ALL > s
$ cat s
$ sudo 'cat s > foo'
sudo: cat s > foo: command not found
$ sudo cat s \> foo
cat: >: No such file or directory
cat: foo: No such file or directory

I would be very shocked if you could compromise a system with a
sudoers entry of:
me hostname = (root) /bin/cat

Ethan> sudo is a very large cannon which is difficult to keep aimed
Ethan> away from the foot...

That it is.  But then, the root password is basically a very large
cannon built into your shoe.
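
The point above about sudo not evaluating its arguments in a shell, as an added example that is not part of the original message. It assumes env(1) as an unprivileged stand-in for sudo (both execute their arguments directly rather than through a shell); the scratch directory and the file name "target" are constructed.

```sh
#!/bin/sh
# env(1) stands in for sudo (assumption): both exec their arguments as an
# argument vector and never hand them to a shell for parsing.

# Scratch directory holding the file "s" from the thread (constructed).
setup_dir() {
    d=$(mktemp -d) || return 1
    printf 'me ALL=ALL\n' > "$d/s"
    printf '%s\n' "$d"
}

# Whole command line as ONE argument, like: sudo 'cat s >> target'
# exec searches for a program literally named "cat s >> target".
one_arg_status() {
    d=$(setup_dir) || return 99
    rc=0
    ( cd "$d" && env 'cat s >> target' ) >/dev/null 2>&1 || rc=$?
    rm -rf "$d"
    return "$rc"    # 127 means "command not found"
}

# Operator as its own argument, like: sudo cat s \>\> target
# cat is handed ">>" and "target" as file names; nothing is redirected.
separate_args_target() {
    d=$(setup_dir) || return 99
    ( cd "$d" && env cat s '>>' target ) >/dev/null 2>&1 || :
    if [ -e "$d/target" ]; then echo created; else echo absent; fi
    rm -rf "$d"
}

# Same string given to a shell, which does parse ">>" as a redirection.
shell_target() {
    d=$(setup_dir) || return 99
    ( cd "$d" && sh -c 'cat s >> target' ) || :
    if [ -e "$d/target" ]; then cat "$d/target"; else echo absent; fi
    rm -rf "$d"
}

rc=0; one_arg_status || rc=$?
echo "one argument:       exit status $rc"
echo "separate arguments: target $(separate_args_target)"
echo "through sh -c:      target contains '$(shell_target)'"
```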

