Results 1 to 4 of 4
Hi, I've been told that making "less" accessible through sudo is considered a security risk, anyone know why that would be?...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 10-30-2006 #1
- Join Date
- Oct 2006
Question about the less command
I've been told that making "less" accessible through sudo is considered a security risk, anyone know why that would be?
- 10-30-2006 #2
I would ask for clarification from the person who made that comment, because it doesn't really make sense.
The less program should be available to everyone anyway. (No sudo required for operation.)
- 11-21-2006 #3
I was re-reading some of my old subscribed threads and came across this.
I think I see what you're asking now. The problem with giving a sudoer access to the less program is that person could run a shell command using it. So you might think you're giving someone access only to less, but in effect you're giving a full root shell.
From the COMMANDS section of the less manpages:! shell-command
...Invokes a shell to run the shell-command given....
- 11-21-2006 #4
- Join Date
- Aug 2006
And that's also true for almost all editors!