`sudo` is sometimes used to give untrusted or "semi-trusted" users the ability to perform certain tasks as root, while not giving them unlimited root access. This is usually done via an entry into `/etc/sudoers`, specifying which programs can be executed.
However, some programs may provide more (no pun intended) functionality than expected, such as `more`, `less`, `man` or `find`, which offer to execute other programs - most notably a shell.
Usually, which programs are safe to execute depends on the knowledge of the sysadmin. Certain binaries like `echo` or `cat` are most likely safe (i.e. don't allow the user to spawn a shell), while others like the examples above are known to be exploitable.
Is there a way to assess with reasonable confidence whether or not an executable is "safe" to be given `sudo` permissions for? Or is the only way a comprehensive source-code audit?
In response to `cat` not being safe: Yes, it can be used to read sensitive files as root. In some setups, this may be the intended use-case (e.g. a limited user being able to read as root, but not write).
Furthermore, to comments or answers explaining to me that `sudo` is not the correct way to grant read permissions like this: I know. I am absolutely aware of how a file-system should be structured, but due to the nature of my work, I can't influence how file-systems are structured on those servers. All I can do is to see which recommendation fixes the immediate problem. So please, don't challenge the frame of the question. I don't have an XY-problem.