ALT Linux sysadmins discussion
 help / color / mirror / Atom feed
* [Sysadmins] Fwd: Re: Sudo tricks
@ 2006-03-30 18:32 Michael Shigorin
  0 siblings, 0 replies; only message in thread
From: Michael Shigorin @ 2006-03-30 18:32 UTC (permalink / raw)
  To: sysadmins

	Hi!
Опинион, тасказать.

----- Forwarded message from Krzysztof Halasa <khc/pm.waw.pl> -----

Date: Tue, 28 Mar 2006 15:27:25 +0200
From: Krzysztof Halasa <khc/pm.waw.pl>
To: John Richard Moser <nigelenki/comcast.net>
Subject: Re: Sudo tricks
Cc: bugtraq/securityfocus.com

John Richard Moser <nigelenki/comcast.net> writes:

> My conclusion is that the only real way to protect against this is for
> bash to look for every binary in your path when you don't specify a
> path; and check to see if any of those binaries is SUID.  If even one
> is, it should FLAT OUT IGNORE any aliases or non-SUID matches (to avoid
> PATH=$HOME attacks).  What do you all think?

It won't work. If your non-root account is compromised you can't use
sudo, su (or anything that changes access rights) safely. For example,
you can't be sure what shell are you using.

The password check (or other challenge) does only make sense if the
terminal (on which it's entered: shell and user account count too) and
the machine which checks it (the system) are both secure.

I usually use a term "security level" to show what could in theory
be safe and what can never be safe. For instance, root have higher
security level than others on the same machine. "Trusted" machines
(such as admin's terminal) have higher levels than non-trusted
(multi-user, servers etc.): I can safely ssh from my non-root account
on my secure terminal to root/some.server but the reverse is forbidden.

Switching to higher level is never safe. Switching to lower level _can_
be safe - under conditions.

One can consider root and non-root admin account to have the same
security level, though (with non-root account used instead of root
to limit accidental damage only).
-- 
Krzysztof Halasa

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2006-03-30 18:32 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-03-30 18:32 [Sysadmins] Fwd: Re: Sudo tricks Michael Shigorin

ALT Linux sysadmins discussion

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
		sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
	public-inbox-index sysadmins

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sysadmins


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git