Quote:
Originally Posted by Turbocapitalist
In addition to rvim, there is also the NOEXEC option in sudoers. With NOEXEC, it is possible to prevent vi from running shells. The sudoers(5) manual page has a whole section on preventing shell escapes. So use both NOEXEC and rvim.
|
My version of
sudo doesn’t have it compiled in, maybe I test it later. But processes running under root will ignore LD_PRELOAD (for safety reason), and so I’m not sure whether the hook in
sudo will work as they speak from doing it via LD_PRELOAD to replace the calls of the
exec-family.