Find the answer to your Linux question:
Results 1 to 4 of 4
Hi, I've been told that making "less" accessible through sudo is considered a security risk, anyone know why that would be?...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2006
    Posts
    24

    Question about the less command


    Hi,

    I've been told that making "less" accessible through sudo is considered a security risk, anyone know why that would be?

  2. #2
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    I would ask for clarification from the person who made that comment, because it doesn't really make sense.

    The less program should be available to everyone anyway. (No sudo required for operation.)

  3. #3
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692

    Lightbulb

    I was re-reading some of my old subscribed threads and came across this.

    I think I see what you're asking now. The problem with giving a sudoer access to the less program is that person could run a shell command using it. So you might think you're giving someone access only to less, but in effect you're giving a full root shell.

    From the COMMANDS section of the less manpages:
    ! shell-command
    ...Invokes a shell to run the shell-command given....
    Pretty nasty little gotcha.

  4. #4
    Linux Enthusiast
    Join Date
    Aug 2006
    Posts
    631
    And that's also true for almost all editors!

    Regards

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •