Date:	Tue, 8 Jun 1999 21:23:55 +0200
From:	Bencsath Boldizsar <boldi@BUDAPEST.HU>
Subject:      unneeded information in sudo
To:	BUGTRAQ@NETSPACE.ORG

Sudo (Debian, v1.5.6p2-2) tells anyone if a file exists or not. It's not
a very big problem, but when I set a directory _not_ accessible to anyone
but root, I want to make sure nobody knows what files are in it.
This holds for both executable and non-executable files: if there is no
file, "No such file or directory"; if it exists, "Permission denied" if not
executable, "You are not in sudoers" if executable.


> ls -la a
total 4
drwx------   2 root     root         1024 Jun  8 21:25 .
drwx------   7 root     root         1024 Jun  8 21:22 ..
-rwxr-xr-x   1 root     root         1363 Jun  8 21:23 doit
> su - alias
No directory, logging in with HOME=/
$ /root/a/doit
su: /root/a/doit: Permission denied
$ /root/a/doit2
su: /root/a/doit2: Permission denied
$ sudo /root/a/doit
alias is not in the sudoers file.  This incident will be reported.

$ sudo /root/a/doit2
sudo: /root/a/doit2: No such file or directory
$ dpkg -l sudo
...
||/ Name            Version        Description
+++-===============-==============-============================================
ii  sudo            1.5.6p2-2      Provides limited super user privileges

> chmod a-x /root/a/doit
> su - alias
No directory, logging in with HOME=/
$ sudo /root/a/doit
sudo: /root/a/doit: Permission denied
$ sudo /root/a/doit2
sudo: /root/a/doit2: No such file or directory


boldi
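
The check ordering behind the three messages reported above, as an added C example (not sudo's source and not part of the original post): examining the path before the policy check gives an unauthorized caller three distinguishable answers, while checking policy first gives one. The `outcome` values, `user_is_authorized`, `make_sample` and the /tmp sample paths are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Answers the caller can tell apart (names are hypothetical). */
enum outcome { NOT_AUTHORIZED, NO_SUCH_FILE, PERM_DENIED, ALLOWED };

/* Hypothetical policy lookup standing in for the sudoers check. */
static int user_is_authorized(const char *u) { return strcmp(u, "root") == 0; }

/* Classify the path as the privileged process sees it. */
static enum outcome probe(const char *path) {
    struct stat sb;
    if (stat(path, &sb) != 0) return NO_SUCH_FILE;
    if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) return PERM_DENIED;
    return ALLOWED;
}

/* Leaky order: path examined before policy, so the answer reveals the file. */
enum outcome check_leaky(const char *user, const char *path) {
    enum outcome o = probe(path);
    if (o != ALLOWED) return o;
    return user_is_authorized(user) ? ALLOWED : NOT_AUTHORIZED;
}

/* Hardened order: policy first; unauthorized callers get one answer only. */
enum outcome check_hardened(const char *user, const char *path) {
    if (!user_is_authorized(user)) return NOT_AUTHORIZED;
    return probe(path);
}

/* Create a constructed sample file with an exact mode; 0 on success. */
int make_sample(const char *path, mode_t mode) {
    int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0600);
    if (fd < 0) return -1;
    close(fd);
    return chmod(path, mode);
}

int main(void) {
    const char *p[] = { "/tmp/demo_doit", "/tmp/demo_missing" };
    if (make_sample(p[0], 0755)) return 1;
    for (int i = 0; i < 2; i++)
        printf("%s leaky=%d hardened=%d\n", p[i],
               check_leaky("alias", p[i]), check_hardened("alias", p[i]));
    return 0;
}
```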