Subject: Re: [gentoo-user] Update to /etc/sudoers disables wheel users!!!
To: gentoo-user@lists.gentoo.org
From: Grant Taylor
Organization: TNet Consulting
Message-ID: <45b54eef-a818-2fb8-321a-8526c12c346d@spamtrap.tnetconsulting.net>
Date: Wed, 26 Oct 2022 17:06:51 -0600

On 10/26/22 3:48 PM, Ramon Fischer wrote:
> I have created an issue at their Git repository. Maybe there will be
> a solution for this:
>
>    https://github.com/sudo-project/sudo/issues/190

I ... don't know where to begin.

There are so many ways that you can hurt yourself with syntactically valid sudoers that it's not even funny.

You could allow list almost all commands, without using the special ALL placeholder and then remark critical commands and end up in a very similar situation.

At some point we have to trust that Systems Administrators / Sudoers editors know what they are doing and let them do so.

-- 
Grant. . . .
unix || die