diff options
author | Todd C. Miller <Todd.Miller@courtesan.com> | 2004-02-01 20:44:44 +0000 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@courtesan.com> | 2004-02-01 20:44:44 +0000 |
commit | 234a24f337f0c8de648bc5e42aa1ae7bbef7c84b (patch) | |
tree | d0c8e10e26de5869e9d125bc1b27c0089e0cbc41 | |
parent | 46d5d9483fda6bfe546cc17f605100c4826fdece (diff) | |
download | sudo-234a24f337f0c8de648bc5e42aa1ae7bbef7c84b.tar.gz |
Add a note that noexec is not a cure-all.
-rw-r--r-- | sudoers.pod | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sudoers.pod b/sudoers.pod index 9edd4f703..5801519f9 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -1167,7 +1167,7 @@ the following as root: If the resulting output contains a line that begins with: - File containing dummy exec functions + File containing dummy exec functions: then B<sudo> may be able to replace the exec family of functions in the standard library with its own that simply return an error. @@ -1185,6 +1185,13 @@ in the User Specification section above. If you are unsure whether or not your system is capable of supporting I<noexec> you can always just try it out and see if it works. +Note that disabling shell escapes is not a panacea. Programs running +as root are still capable of many potentially hazardous operations +(such as chaning or overwriting files) that could lead to unintended +privilege escalation. In the specific case of an editor, a safer +approach is to give the user permission to run the B<sudoedit> +program. + =head1 CAVEATS The I<sudoers> file should B<always> be edited by the B<visudo> |