On 10/26/22 3:48 PM, Ramon Fischer wrote:
I have created an issue at their Git repository. Maybe there will be
solution for this:
https://github.com/sudo-project/sudo/issues/190
I ... don't know where to begin.
There are so many ways that you can hurt yourself with syntactically
valid sudoers that it's not even funny.
You could allow list almost all commands, without using the special ALL
place holder and then remark critical commands and end up in a very
similar situation.
At some point we have to trust that Systems Administrators / Sudoers
editors know what they are doing and let them do so.
--
Grant. . . .
unix || die