Hi,
There was a pretty serious bug in sudo that was subsequently fixed but
recently made the news when the Metasploit platform added it - because
Apple hadn't fixed sudo in OS X.
Shell access is a tricky thing. There are almost always local root
exploits at any given time so giving shell access out shouldn't be done
as lightly as other things: sudo is the least of your worries.
sudo itself is a handy tool to have on every machine and its auditing
and logging capabilities have a lot going for them so overall it's a win.
I'm glad I don't have to run a shell serv{er,ice}.
...but I'm also aware that the handful of users I have given ad hoc
shells to are in a particularly privileged position with respect to the
data I store on behalf of other people who only have, say, IMAP access.
Regards,
@ndy
--
andyjpb(a)ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF