From: Todd C. Miller Date: Fri, 7 Aug 2015 23:05:50 +0000 (-0600) Subject: Emphasis on the never. X-Git-Tag: SUDO_1_8_15^2~87 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f1053af3b55dee37ac0cf9a07d0b71823c19894f;p=sudo Emphasis on the never. --- diff --git a/doc/sudo.cat b/doc/sudo.cat index e329e7925..acdcd4699 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -433,11 +433,11 @@ SSEECCUURRIITTYY NNOOTTEESS environment variable is _n_o_t modified and is passed unchanged to the program that ssuuddoo executes. - Users should not be granted ssuuddoo privileges to execute files that are + Users should _n_e_v_e_r be granted ssuuddoo privileges to execute files that are writable by the user or that reside in a directory that is writable by the user. If the user can modify or replace the command there is no way to limit what additional commands they can run. Likewise, users should - not be granted ssuuddooeeddiitt permission to edit a file that resides in a + _n_e_v_e_r be granted ssuuddooeeddiitt permission to edit a file that resides in a directory the user has write access to. A user with directory write access could replace the legitimate file with a link to some other, arbitrary, file. Starting with version 1.8.15, ssuuddooeeddiitt will refuse to diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 43e8a877c..642444005 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -869,13 +869,17 @@ modified and is passed unchanged to the program that \fBsudo\fR executes. .PP -Users should not be granted +Users should +\fInever\fR +be granted \fBsudo\fR privileges to execute files that are writable by the user or that reside in a directory that is writable by the user. If the user can modify or replace the command there is no way to limit what additional commands they can run. -Likewise, users should not be granted +Likewise, users should +\fInever\fR +be granted \fBsudoedit\fR permission to edit a file that resides in a directory the user has write access to. diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index 119fff913..654722ea5 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -804,13 +804,17 @@ modified and is passed unchanged to the program that .Nm executes. .Pp -Users should not be granted +Users should +.Em never +be granted .Nm privileges to execute files that are writable by the user or that reside in a directory that is writable by the user. If the user can modify or replace the command there is no way to limit what additional commands they can run. -Likewise, users should not be granted +Likewise, users should +.Em never +be granted .Nm sudoedit permission to edit a file that resides in a directory the user has write access to. diff --git a/doc/sudoers.cat b/doc/sudoers.cat index fca92d331..16aa52c98 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -2310,7 +2310,7 @@ SSEECCUURRIITTYY NNOOTTEESS of _/_e_t_c_/_m_o_t_d. After the file has been edited, _/_e_t_c_/_m_o_t_d will be updated with the contents of the temporary copy. - Users should never be granted ssuuddooeeddiitt permission to edit a file that + Users should _n_e_v_e_r be granted ssuuddooeeddiitt permission to edit a file that resides in a directory the user has write access to, either directly or via a wildcard. If the user has write access to the directory it is possible to replace the legitimate file with a link to another file, diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index aee2c3a3a..4e4597531 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -4725,7 +4725,9 @@ After the file has been edited, \fI/etc/motd\fR will be updated with the contents of the temporary copy. .PP -Users should never be granted +Users should +\fInever\fR +be granted \fBsudoedit\fR permission to edit a file that resides in a directory the user has write access to, either directly or via a wildcard. diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index ca1ae1963..9b8886a0c 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -4357,7 +4357,9 @@ After the file has been edited, .Pa /etc/motd will be updated with the contents of the temporary copy. .Pp -Users should never be granted +Users should +.Em never +be granted .Nm sudoedit permission to edit a file that resides in a directory the user has write access to, either directly or via a wildcard.