https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729839#M254352 Shalom Kashru,<BR /><BR />I differ with the last answer to number 3. Though there are no known vulnerabilities with the sudo product, which is stable and in wide use, there are inherent problems with sudo itself. <BR /><BR />If used to grant access on the wrong utility it can open up your system completely to malicious, or more likely stupid users. It is very important to use this utility in a very, very limited way.<BR /><BR />sudo increases security if it allows you to keep non-admins from root access and if its used carefully and in a limited way.<BR /><BR />sudo ships with a special visudo or visudoers utility that when saving the file, updates the sudo database.<BR /><BR />Good Luck. Mon, 13 Feb 2006 00:48:13 GMT Steven E. Protter 2006-02-13T00:48:13Z https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729836#M254349 I have configured sudo for giving some access to our helpdesk team. My manager wants to know about the security issues about it like<BR /><BR />1. who made sudo<BR />2. where is the configuration file and what is the permission of that.<BR />3. Is there any known threat?<BR /><BR />Can anyoune help me in this. Sun, 12 Feb 2006 19:21:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729836#M254349 Khashru 2006-02-12T19:21:39Z https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729837#M254350 1. Who made sudo: Check out <A href="http://www.courtesan.com" target="_blank">http://www.courtesan.com</A> for lots of information on sudo.<BR /><BR />2. It depends on the installation. Sometimes it is /etc/sodu/sudoers, sometimes /usr/local/etc/sudo/sudoers. I have seen it in other directories as well. Permissions on one of my machines are readable by the owner and group (both root) only.<BR /><BR />3. Any known thread: Information here on the only sudo security issue I have ever seen: <A href="http://www.sudo.ws/sudo/alerts/path_race.html" target="_blank">http://www.sudo.ws/sudo/alerts/path_race.html</A><BR /><BR />Sudo is a great product and the benefits far outweigh the risks in my opinion. Sun, 12 Feb 2006 19:38:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729837#M254350 Patrick Wallek 2006-02-12T19:38:11Z https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729838#M254351 Hi Khashru, <BR /><BR />Q1. who made sudo <BR /><BR />Ans : Sudo is an Opensource utlity distributed under ISC-style license. It is part of Internet Express suite as well, you can download it for 11.11 and 11.23<BR /><BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111</A><BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123</A><BR /><BR />Main site is at : <A href="http://www.courtesan.com/sudo/" target="_blank">http://www.courtesan.com/sudo/</A><BR /><BR />Q2. where is the configuration file and what is the permission of that.<BR />"sudoers" is the configuration file for sudo. If you install Internet express version of sudo, you can find "sudoers" at /opt/iexpress/sudo/etc/ directory. <BR /><BR />Permission will be 644. <BR /><BR />Q3.Is there any known threat?<BR /><BR />Current version 1.6.8p12 is risk free, <BR /><BR />See all Sudo reated security alerts at <A href="http://www.courtesan.com/sudo/alerts/" target="_blank">http://www.courtesan.com/sudo/alerts/</A><BR /><BR />-Arun Sun, 12 Feb 2006 22:48:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729838#M254351 Arunvijai_4 2006-02-12T22:48:08Z https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729839#M254352 Shalom Kashru,<BR /><BR />I differ with the last answer to number 3. Though there are no known vulnerabilities with the sudo product, which is stable and in wide use, there are inherent problems with sudo itself. <BR /><BR />If used to grant access on the wrong utility it can open up your system completely to malicious, or more likely stupid users. It is very important to use this utility in a very, very limited way.<BR /><BR />sudo increases security if it allows you to keep non-admins from root access and if its used carefully and in a limited way.<BR /><BR />sudo ships with a special visudo or visudoers utility that when saving the file, updates the sudo database.<BR /><BR />Good Luck. Mon, 13 Feb 2006 00:48:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729839#M254352 Steven E. Protter 2006-02-13T00:48:13Z https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729840#M254353 hi;<BR /><BR />1) there is a sudo web page at <A href="http://www.sudo.ws/sudo/" target="_blank">http://www.sudo.ws/sudo/</A><BR /><BR />2)/etc/sudoers<BR />-r--r----- 1 root root <BR /><BR /><BR />regards<BR />mustafa Tue, 14 Feb 2006 01:54:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729840#M254353 Mustafa Gulercan 2006-02-14T01:54:18Z https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729841#M254354 hi Khashru.<BR /><BR />Many questions on sudo also answered at the following url:<BR /><A href="http://groups.google.mu/group/alt.hacking/msg/4de350322e329c48?&amp;q=sudo+security+threats" target="_blank">http://groups.google.mu/group/alt.hacking/msg/4de350322e329c48?&amp;q=sudo+security+threats</A><BR /><BR />hope this helps too!<BR /><BR />kind regards<BR />yogeeraj Tue, 14 Feb 2006 04:23:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo/m-p/3729841#M254354 Yogeeraj_1 2006-02-14T04:23:41Z