Solène :flan_hacker: on Nostr: I need some eyes to review a sudo rule, it should allow users to run a command under ...
I need some eyes to review a sudo rule, it should allow users to run a command under a "vpn" network namespace, without a password
solene ALL=(root) NOPASSWD: /usr/sbin/ip netns exec vpn /usr/bin/sudo -u solene *
I do not think this can be exploited security wise?
Published at
2024-06-18 19:48:45Event JSON
{
"id": "db2d435579001e3ef4e30e849b8444732fd5cba25afa980a2b169c2565ca085b",
"pubkey": "30e4a2f3acb279498a7f05638fbc911230aa17a9ce095e56d8b983bacfba1c31",
"created_at": 1718740125,
"kind": 1,
"tags": [
[
"proxy",
"https://bsd.network/users/solene/statuses/112639352832387840",
"activitypub"
]
],
"content": "I need some eyes to review a sudo rule, it should allow users to run a command under a \"vpn\" network namespace, without a password\n\nsolene ALL=(root) NOPASSWD: /usr/sbin/ip netns exec vpn /usr/bin/sudo -u solene *\n\nI do not think this can be exploited security wise?",
"sig": "1c4099e476d7bd3d3e0cc4bf4f981959bcfe2cfdd163bec6422e2d28d8833cb9bdd53edc1271599f23afcc970fcba8e1004289464764df69da54a7f4cbb1561f"
}
