mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 19:17:44 +00:00
Userland: Check sudoers file perms and owner in pls
As per comment found in #6319 by @bcoles, `pls` should check the permissions and owner of the sudoers file to ensure that it hasn't been compromised.
This commit is contained in:
parent
82b48d867d
commit
d44e2c9ad9
5 changed files with 99 additions and 86 deletions
|
@ -230,8 +230,8 @@ $ ninja run
|
|||
|
||||
Note that the `anon` user is able to become `root` without password by default, as a development convenience.
|
||||
To prevent this, remove `anon` from the `wheel` group and he will no longer be able to run `/bin/su`.
|
||||
`anon` is also, by default, located in `/etc/sudoers`, meaning that they will be able to execute with root permission using `pls`.
|
||||
To prevent this, remove them from `/etc/sudoers`.
|
||||
`anon` is also, by default, located in `/etc/plsusers`, meaning that they will be able to execute with root permission using `pls`.
|
||||
To prevent this, remove them from `/etc/plsusers`.
|
||||
|
||||
On Linux, QEMU is significantly faster if it's able to use KVM. The run script will automatically enable KVM if `/dev/kvm` exists and is readable+writable by the current user.
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue