
Re: Change root> normal user?



James Wilkinson wrote:
> Todd Zullinger wrote:
>> If you use sudo, you don't have to give the user the root password,
>> you just edit the /etc/sudoers file to allow them to run the
>> particular command(s) you want and they enter their own password to
>> run them.
> 
> Note: depending on what the program is, this may be equivalent to
> giving users the root password. In particular, if there is any way
> to "shell out" from the program, or run an external editor, then the
> user can end up with a root shell.

Agreed.  It certainly needs to be used with care, as anything dealing
with root privileges should be used.

> I'm also concerned about the man-page paragraph:
>        To prevent command spoofing, sudo checks "." and "" (both
>        denoting current directory) last when searching for a command
>        in the user’s PATH (if one or both are in the PATH).  Note,
>        however, that the actual PATH environment variable is not
>        modified and is passed unchanged to the program that sudo
>        executes.
> 
> I read this as saying that *if* a program runs another program
> merely by name (e.g. "hostname" rather than "/bin/hostname"), then a
> malicious user could place a symlink to bash from ./hostname, change
> the PATH appropriately, and sudo the first program.

I'm not a sudo expert, but that doesn't work in my testing.  I think
that the malicious user would need to modify root's PATH, not their
own for this to work.  Additionally, commands may (probably should) be
specified in /etc/sudoers using the full pathname.  You can also
compile sudo using the --with-secure-path option to have it set the
PATH when it runs.

I have this in /etc/sudoers:

guest   ALL=/bin/true

$ whoami
guest

$ pwd
/home/guest

$ /bin/cat true
#!/bin/sh
echo "Ah ha!"

$ export PATH=.:/usr/bin

$ sudo true
sudo: ignoring `true' found in '.'
Use `sudo ./true' if this is the `true' you wish to run.

$ sudo ./true
Sorry, user guest is not allowed to execute './true' as root on hostname.

Am I missing something?

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
If I had a choice, I'd... buy myself a gun, dress up like a nun, kill
the KKK and consider it some fun.
    -- Fishbone, If I Were A... I'd

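
An added example, not part of the original message or of sudo itself: a small Python check that reads sudoers text and reports the two PATH-related points raised in this thread, namely commands not given as full pathnames and a missing or unsafe secure_path. It assumes the `Defaults secure_path` sudoers setting (the run-time counterpart of --with-secure-path) and handles single-line rules only (no continuations, alias expansion or digest prefixes); the sample policy is constructed, apart from the "guest" rule quoted above.

```python
import re

# Constructed sample policy; only the "guest" rule comes from the post above.
SAMPLE = '''\
Defaults env_reset
Defaults secure_path="/usr/sbin:/usr/bin:.:/sbin:"
guest   ALL=/bin/true
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, tar
ops     ALL=(ALL) ALL
'''

ALIAS_DEF = re.compile(r"(User|Runas|Host|Cmnd)_Alias\b")
RUNAS_OR_TAG = re.compile(r"^(\([^)]*\)\s*|[A-Z_]+:\s*)+")  # "(root) NOPASSWD: "
SECURE_PATH = re.compile(r'\bsecure_path\s*=\s*"?([^"]*)"?')
ALIAS_REF = re.compile(r"[A-Z][A-Z0-9_]*")  # ALL or a Cmnd_Alias name


def audit_sudoers(text):
    """Return (line_no, message) findings on PATH handling; line 0 = whole file."""
    findings, has_secure_path = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ALIAS_DEF.match(line):
            continue
        if line.startswith("Defaults"):
            m = SECURE_PATH.search(line)
            if m:
                has_secure_path = True
                # "." and "" both denote the current directory in a PATH list.
                for entry in m.group(1).split(":"):
                    if not entry.startswith("/"):
                        findings.append((no, f"secure_path entry {entry!r} is not absolute"))
            continue
        if "=" not in line:
            continue
        # Everything after the first "=" is the comma-separated command list.
        for cmd in line.split("=", 1)[1].split(","):
            words = RUNAS_OR_TAG.sub("", cmd.strip()).split()
            prog = words[0].lstrip("!") if words else ""
            if prog.startswith("/") or prog == "sudoedit" or ALIAS_REF.fullmatch(prog):
                continue
            if prog:
                findings.append((no, f"command {prog!r} is not a full pathname"))
    if not has_secure_path:
        findings.append((0, "no secure_path: the command inherits the caller's PATH"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit_sudoers(SAMPLE):
        print(f"line {line_no}: {message}")
```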

