Results 1 to 4 of 4
Hi,
I've been told that making "less" accessible through sudo is considered a security risk, anyone know why that would be?...
- 10-30-2006 #1Just Joined!
- Join Date
- Oct 2006
- Posts
- 24
Question about the less command
Hi,
I've been told that making "less" accessible through sudo is considered a security risk, anyone know why that would be?
- 10-30-2006 #2Linux Guru
- Join Date
- Mar 2005
- Location
- Texas
- Posts
- 1,692
I would ask for clarification from the person who made that comment, because it doesn't really make sense.
The less program should be available to everyone anyway. (No sudo required for operation.)
- 11-21-2006 #3Linux Guru
- Join Date
- Mar 2005
- Location
- Texas
- Posts
- 1,692
I was re-reading some of my old subscribed threads and came across this.
I think I see what you're asking now. The problem with giving a sudoer access to the less program is that person could run a shell command using it. So you might think you're giving someone access only to less, but in effect you're giving a full root shell.
From the COMMANDS section of the less manpages:Pretty nasty little gotcha.! shell-command
...Invokes a shell to run the shell-command given....
- 11-21-2006 #4Linux Enthusiast
- Join Date
- Aug 2006
- Posts
- 631
And that's also true for almost all editors!
Regards
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts