[Asterisk-Users] Re: asterisk-u] Can I runAsterisk remotely from telnetsession?
R P Herrold
herrold at owlriver.com
Mon Aug 18 06:34:35 MST 2003
On Mon, 18 Aug 2003, Adams, Gavin wrote:
> > "sudo su -" is kind of a stange thing to do. You would probably be
> > better of doing "sudo bash" as it also will give you a bash prompt
> > with root login.
>
> Good point on Linux/BSD boxen. My sudo 'training' days came from AIX and
> Solaris. :)
I am missing something as to it being a 'good point'; I
disagree, and consider the first formulation more cautious. --
The reason for the '-' after the su is to clear out a
potentially hostile user environment (path, aliases, and the
like). A clever malicious user can 'booby-trap', say, 'ls'
and tell an admin that they cannot delete a file. Admin
wanders over, and runs ls which acts normally, as it notices
root privs are not present. Admin runs 'sudo su' up to root,
and re-runs 'ls' command which notices the root auth, and adds
a backdoor or three ... game over.
Properly configured, 'sudo' should not have worked from a
non-authorized user's account, but misconfig's happen.
Indeed, even from a sudo authorized user's account, a person
someimes steps away from console without locking it.
Without clearing the environment and path, an incautious admin
using 'sudo bash' is more likely to lose control of their
hosts.
-- Russ Herrold
More information about the asterisk-users
mailing list