author Todd C. Miller <Todd.Miller@courtesan.com> 2004-02-01 20:44:44 +0000
committer Todd C. Miller <Todd.Miller@courtesan.com> 2004-02-01 20:44:44 +0000
commit 234a24f337f0c8de648bc5e42aa1ae7bbef7c84b
tree d0c8e10e26de5869e9d125bc1b27c0089e0cbc41
parent 46d5d9483fda6bfe546cc17f605100c4826fdece
Add a note that noexec is not a cure-all.
-rw-r--r-- sudoers.pod 9
1 files changed, 8 insertions, 1 deletions
diff --git a/sudoers.pod b/sudoers.pod
index 9edd4f703..5801519f9 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -1167,7 +1167,7 @@ the following as root:
If the resulting output contains a line that begins with:
- File containing dummy exec functions
+ File containing dummy exec functions:
then B<sudo> may be able to replace the exec family of functions
in the standard library with its own that simply return an error.
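Review bot: the colon added to "File containing dummy exec functions:" is unrelated to the noexec caveat named in the commit message; mention it in the message or split it into its own change so the log covers both edits. Since the surrounding text tells the reader to look for an output line that begins with this string, it is also worth confirming that the documented string matches the program's output character for character.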
@@ -1185,6 +1185,13 @@ in the User Specification section above. If you are unsure whether
or not your system is capable of supporting I<noexec> you can always
just try it out and see if it works.
+Note that disabling shell escapes is not a panacea. Programs running
+as root are still capable of many potentially hazardous operations
+(such as chaning or overwriting files) that could lead to unintended
+privilege escalation. In the specific case of an editor, a safer
+approach is to give the user permission to run the B<sudoedit>
+program.
+
=head1 CAVEATS
The I<sudoers> file should B<always> be edited by the B<visudo>
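Review bot: typo in the third added line, "(such as chaning or overwriting files)" should read "changing". The new paragraph would also be stronger if it tied "disabling shell escapes" back to I<noexec> explicitly: the earlier text says noexec works by replacing the exec family of functions with versions that return an error, so a sentence stating that file writes by the root process are untouched by that mechanism would explain why the hazard remains. A pointer to where B<sudoedit> is documented would help the reader act on the recommendation.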