<div dir="ltr">On 19 April 2013 16:28, Gregory Matthews <span dir="ltr"><<a href="mailto:greg.matthews@diamond.ac.uk" target="_blank">greg.matthews@diamond.ac.uk</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 18/04/13 18:07, Hearns, John wrote:<br>
> As an aside, a normal user can trigger a drop of the caches before the start of a job.<br>
> If you have looked into it, sudo echo 3 > /proc/sys/vm/drop_caches is well nigh impossible.<br>
<br>
</div>eh?<br>
echo 3 | sudo tee /proc/sys/vm....<br></blockquote><div><br></div><div style>As a warning to anyone who doesn't know, if you don't configure sudo to restrict the allowable command line arguments to tee, then the following will work just as well:</div>
<div style>cat /dev/zero | sudo tee /dev/sda</div><div style><br></div><div style>Also, be careful about allowing users to sudo programs such as "vi", "less" and even "more" - because they all have the ability to create a new shell from within them (via the '!' command) - allowing people to escalate privileges.</div>
<div style><br></div><div style>Cheers<br></div></div>-- <br>Jonathan Barber <<a href="mailto:jonathan.barber@gmail.com">jonathan.barber@gmail.com</a>>
</div></div>
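An added sudoers sketch of the restriction described in the message above, with the unrestricted rules shown commented out beside tighter ones. It is not part of the original message. The group name `hpcusers`, the file names and the log and config paths are assumptions, and binary paths vary by distribution.

```sudoers
# /etc/sudoers.d/drop-caches  (hypothetical file name; edit with: visudo -f <file>)
# %hpcusers is an assumed group name.

# WEAK: no argument list, so any arguments are accepted and tee may write
# to any path root can write, block devices included.
#%hpcusers ALL = (root) NOPASSWD: /usr/bin/tee

# WEAK: sudo matches the arguments as one concatenated string, so a wildcard
# also matches "/" and spaces and the rule covers more than one directory.
#%hpcusers ALL = (root) NOPASSWD: /usr/bin/tee /proc/sys/vm/*

# RESTRICTED: the argument list is spelled out in full, so only this exact
# invocation matches:  echo 3 | sudo tee /proc/sys/vm/drop_caches
%hpcusers ALL = (root) NOPASSWD: /usr/bin/tee /proc/sys/vm/drop_caches

# WEAK: editors and pagers run as root can start a root shell via "!".
#%hpcusers ALL = (root) /usr/bin/vi, /usr/bin/less, /usr/bin/more

# RESTRICTED: NOEXEC stops a dynamically linked program from exec'ing
# further commands, which covers the "!" escape only. The log path is
# an assumed example.
%hpcusers ALL = (root) NOEXEC: /usr/bin/less /var/log/messages

# RESTRICTED: sudoedit runs the editor as the invoking user on a temporary
# copy of the file, so no editor process runs as root. The config path is
# a placeholder.
%hpcusers ALL = (root) sudoedit /etc/example.conf
```

Running `sudo -l -U <user>` as root lists the rules that apply to an account, which is a quick way to spot entries that still lack an argument list.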