[hangar18-general] Q: A question of security vulnerability

Wayne Walker wwalker at broadq.com
Fri May 9 05:57:18 PDT 2003 

sudo is actually almost never secure.  As you imply, with line 1 bob can
do _anything_ just like line 2.

Here are some more less obvious examples where bob can do _anything_

1. bob pine
2. bob vi
3. bob chown
4. bob chmod

With any of the 4 above, bob can do anything.

With 1 or 2, bob can run any command from within the program (! is
allowed in vi, and if you set $EDITOR to vi before running pine...)

In 3 and 4, bob can make setuid programs or change perms on /etc and put
his own passwd/shadow files in place.

Bottom line, if you give someone sudo access you should tgrust them to
be root, OR you should only allow them to run very specific
_scripts/binaries_ that you wrote for them specifically (e.g.
chown_files_to_others_in_his_primary_group, restart_lpd,
restart_httpd...)  And here you still have to be careful about these
programs....

On Thu, May 08, 2003 at 09:34:15PM -0500, Jim Choate wrote:
> 
> Given a basic Linux (or *nix) system with a user bob. Assume that bob has
> sudo capability. There are two approaches (I'm not going to use exact
> syntax):
> 
> 1.	bob	sh
> 
> 2.	bob	All
> 
> So, in the first case bob can:  sudo sh -c "foo"
> 
> and in the second bob can: sudo foo
> 
> Why would the first approach represent a more secure mechanism?
> 
> It is true that sh could be a wrapper or have sticky bits, etc. We'll
> assume these are not an issue. The point being why is running a program
> directly as root in this manner less secure than running the program
> through a shell as root?
> 
> Example? Explanation?
> 
> Thanks.
> 
> 
>  --
>     ____________________________________________________________________
> 
>       We are all interested in the future for that is where you and I
>       are going to spend the rest of our lives.
> 
>                               Criswell, "Plan 9 from Outer Space"
> 
>       ravage at ssz.com                            jchoate at open-forge.org
>       www.ssz.com                               www.open-forge.org
>     --------------------------------------------------------------------

-- 

Wayne Walker

www.broadq.com :)  Bringing digital video and audio to the living room

More information about the cypherpunks-legacy mailing list