[10805] in bugtraq
Re: unneeded information in sudo
daemon@ATHENA.MIT.EDU (Emad El-Haraty)
Fri Jun 11 16:25:04 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.3.96.990610135957.26884D-100000@apache.utdallas.edu>
Date: Thu, 10 Jun 1999 14:02:04 -0500
Reply-To: Emad El-Haraty <elharaty@UTDALLAS.EDU>
From: Emad El-Haraty <elharaty@UTDALLAS.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <14174.47611.284315.675421@klapaucius.hip.berkeley.edu>
On Wed, 9 Jun 1999, Samuel Mikes wrote:
> >> "Bencsath" == Bencsath Boldizsar <boldi@BUDAPEST.HU> writes:
> Bencsath> Sudo (debian , v1.5.6p2-2) tells anyone if a file exists or
> Bencsath> not. It's not a very big problem, but when i set a
> Bencsath> directory _not_ accessible to anyone but root, I want to
> Bencsath> make sure, nobody knows what files are in it. Both
> Bencsath> executable and not executables- if there is no file: No
> Bencsath> such file or directory, if it exists: permission denied if
> Bencsath> not executable, You are not in sudoers if executable.
>
When configuring (at compile time) would setting --disable-path-info
stop this problem?
here is it's description:
--disable-path-info
Normally, sudo will tell the user when a command could not be found
in their $PATH. Some sites may wish to disable this as it could
be used to gather information on the location of executables that
the normal user does not have access to.
Emad El-Haraty
"The best thing about computers is that they fly around the room when you
get real mad at them."
-- Joe Ely Carrales, III