Comment 3 for bug 39061
Revision history for this message
| Tristan Wibberley (tristan-wibberley) wrote Re: [Bug 39061] Re: visudo will open existing sudoers.tmp | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
Kees Cook wrote:
> Arguably, if someone can create the .tmp file in /etc/, they have access
> to a great deal more. :)
With the default "root or bust" configuration that's true. But I like to
consider the things I wouldn't consider doing. There should be an area
for this that has a well documented purpose specifying "this directory +
this file control sudo" rather than it looking like "this file alone
controls sudo" when that's not quite true.
I think most security breaches are due to blurring of the boundaries of
use cases and blurred boundaries have a tendency to go wrong.
I agree with the low importance though.
--
Tristan Wibberley
These opinions are my own, and do not reflect those of my employer.