On Fri, Jan 02, 2004 at 08:55:59AM -0800, Ben Barrett wrote: > >On Thu, 1 Jan 2004 21:01:14 -0800 >Jacob Meuser <[EMAIL PROTECTED]> wrote: > >| On Thu, Jan 01, 2004 at 03:19:53PM -0800, Ben Barrett wrote: >| > Ah yes, sudo is a Good Thing, although be wary of allowing "sudo su", >| > for if you are trying to limit your normal users' actions, and get a log >| > of what they sudo, you'll only ever see that they became root, at which >| > point they have untrackable control. >| >| That's only the tip of the iceberg, so to speak. Don't forget that >| such seemingly harmless programs as 'less' and 'more' can execute >| commands, like "!sh". > >Are you talking about control-Z suspend or something else? >
No, shell escapes. Many *NIX programs, especially ones that originated before job control became common, support some keystroke combination to launch a subshell, so that the user can run a command without having to exit from their current program and lose their work. Vi, for example, will do it from the ! keystroke, as will ed. The launched subshell has the powers and abilities of the program that launched it, so "sudo vi" and ! will give you a root shell. -- "That time in Seattle... was a nightmare. I came out of it dead broke, without a house, without anything except a girlfriend and a knowledge of UNIX." "Well, that's something," Avi says. "Normally those two are mutually exclusive." --Neal Stephenson, "Cryptonomicon" _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
