From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sun, 1 Feb 2004 20:44:44 +0000 (+0000)
Subject: Add a note that noexec is not a cure-all.
X-Git-Tag: SUDO_1_6_8~192
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3a31bf9747acebbf21694a1c0e05f63180c6fb96;p=sudo

Add a note that noexec is not a cure-all.
---

diff --git a/sudoers.pod b/sudoers.pod
index 9edd4f703..5801519f9 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -1167,7 +1167,7 @@ the following as root:
 
 If the resulting output contains a line that begins with:
 
-    File containing dummy exec functions
+    File containing dummy exec functions:
 
 then B<sudo> may be able to replace the exec family of functions
 in the standard library with its own that simply return an error.
@@ -1185,6 +1185,13 @@ in the User Specification section above.  If you are unsure whether
 or not your system is capable of supporting I<noexec> you can always
 just try it out and see if it works.
 
+Note that disabling shell escapes is not a panacea.  Programs running
+as root are still capable of many potentially hazardous operations
+(such as chaning or overwriting files) that could lead to unintended
+privilege escalation.  In the specific case of an editor, a safer
+approach is to give the user permission to run the B<sudoedit>
+program.
+
 =head1 CAVEATS
 
 The I<sudoers> file should B<always> be edited by the B<visudo>