Sure, you cannot cover everything, but mitigating at least a little bit would be OK or not? :) -Ramon On 27/10/2022 01:06, Grant Taylor wrote: > On 10/26/22 3:48 PM, Ramon Fischer wrote: >> I have created an issue at their Git repository. Maybe there will be >> solution for this: >> >>     https://github.com/sudo-project/sudo/issues/190 > > I ... don't know where to begin. > > There are so many ways that you can hurt yourself with syntactically > valid sudoers that it's not even funny. > > You could allow list almost all commands, without using the special > ALL place holder and then remark critical commands and end up in a > very similar situation. > > At some point we have to trust that Systems Administrators / Sudoers > editors know what they are doing and let them do so. > > > -- GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF