Bug 12 – sudo -s gives a shell, despite restrictions in sudoers

Bug 12 - sudo -s gives a shell, despite restrictions in sudoers


Summary:	sudo -s gives a shell, despite restrictions in sudoers

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.3
Hardware:	PC Linux

Importance:	normal security
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2000-10-31 14:45 MST by mmensch
Modified:	2000-10-31 21:19 MST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mmensch 2000-10-31 14:45:13 MST

Although I've restricted all shells in the sudoers file, a user may still get
a shell by executing 'sudo -s' with no other arguments.
This has been verified on Linux 2.2.16 with sudo 1.6.3p5
Solaris 2.6 w/sudo 1.5.9p2
NetBSD 1.4.2 w/sudo 1.6.3p5

Comment 1 Todd C. Miller 2000-10-31 16:08:59 MST

There's nothing special about 'sudo -s'.  Sudo just uses the contents of the
SHELL environment variable (or failing that the shell from the password file) as
the command.  If 'sudo -s' works then 'sudo /path/to/shell' must as well.