Path: ...!weretis.net!feeder9.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.omega.home.tnetconsulting.net!not-for-mail From: Grant Taylor Newsgroups: comp.os.linux.misc Subject: Re: Yet Another New systemd Feature Date: Mon, 6 May 2024 19:11:01 -0500 Organization: TNet Consulting Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Tue, 7 May 2024 00:11:01 -0000 (UTC) Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="omega.home.tnetconsulting.net:198.18.1.140"; logging-data="1393"; mail-complaints-to="newsmaster@tnetconsulting.net" User-Agent: Mozilla Thunderbird Content-Language: en-US In-Reply-To: Bytes: 2007 Lines: 25 On 5/6/24 14:08, Andy Burns wrote: > AFAIR, /usr/bin/sudo is a 'sticky' binary owned by root, so it > immediately gets root access, better hope nobody finds a way to abuse > that before it's decided whether or not to let you do what you asked it. You are correct. Thankfully we have 30+ years of sudo history and people trying to do exactly that and others defending against that very thing. > I've encountered plenty, not so well controlled, where all it takes is > "sudo su -" That's why I would tend to allow non-SA teams to have sudo with a specific command (possibly without needing to re-enter their password) while only allowing the Unix SAs to have `sudo su` et al. access. Sudo is, or very much so should be, an explicitly allow known good and block everything else by default. Negation never works as one might hope when it comes to security. -- Grant. . . .