[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Change root> normal user?



Todd Zullinger wrote:
> If you use sudo, you don't have to give the user the root password,
> you just edit the /etc/sudoers file to allow them to run the
> particular command(s) you want and they enter their own password to
> run them.

Note: depending on what the program is, this may be equivalent to giving
users the root password. In particular, if there is any way to "shell
out" from the program, or run an external editor, then the user can end
up with a root shell.

I'm also concerned about the man-page paragraph:
       To prevent command spoofing, sudo checks "." and "" (both
       denoting current directory) last when searching for a command in
       the user’s PATH (if one or both are in the PATH).  Note, however,
       that the actual PATH environment variable is not modified and is
       passed unchanged to the program that sudo executes.

I read this as saying that *if* a program runs another program merely by
name (e.g. "hostname" rather than "/bin/hostname"), then a malicious
user could place a symlink to bash from ./hostname, change the PATH
appropriately, and sudo the first program.

In general, simple text-mode programs are OK, complex graphical ones may
well have holes.

James.
-- 
E-mail:     james@ | *No-one* liked the Joshua N'Clement block. The people who
aprilcottage.co.uk | lived there thought everyone should be taken out and then
                   | the block should be blown up, and the people who lived
                   | near the block just wanted it blown up.
                   |     -- Terry Pratchett


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]