
Re: shared root account



>>>>> "Ethan" == Ethan Benson <erbenson@alaska.net> writes:

Ethan> or even seemingly innocuous things like less or even cat.

Less is a problem, yes, as is anything else with a shell escape.

Ethan> sudo less anything
Ethan> !/bin/sh
Ethan> whoami
Ethan> r00t!

Ethan> echo me ALL=ALL > s
Ethan> sudo 'cat s >> /etc/sudoers'

Doesn't work.  The >> is a shell redirection, but sudo doesn't
evaluate in a shell.

$  echo me ALL=ALL > s
$ cat s
me ALL=ALL
$ sudo 'cat s > foo'
sudo: cat s > foo: command not found
$ sudo cat s \> foo
me ALL=ALL
cat: >: No such file or directory
cat: foo: No such file or directory

I would be very shocked if you could compromise a system with a
sudoers entry of:
me hostname = (root) /bin/cat

Ethan> sudo is a very large cannon which is difficult to keep aimed
Ethan> away from the foot...

That it is.  But then, the root password is basically a very large
cannon built into your shoe.

  -Eric
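
Added example, not part of the message above: a small audit of sudoers user specs that flags commands with a shell escape (the "less" case discussed in the thread) unless sudo's NOEXEC tag is in effect. The list of escape-capable programs beyond less, the sample users and the simplified parser are assumptions made for illustration.

```python
import os
import re

# Assumed, non-exhaustive list of programs with an interactive shell escape.
# Only "less" is named in the message; the others are added for illustration.
SHELL_ESCAPE = {"less", "more", "vi", "vim", "man"}

# Simplified user spec: user host = [(runas)] [TAG:] cmd[, [TAG:] cmd ...]
# Aliases, line continuations and escaped commas are not handled.
SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit(sudoers_text):
    """Return (line_no, user, command, reason) for entries that can yield a shell."""
    findings = []
    for no, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = SPEC.match(line)
        if not m or m.group(1).startswith("Defaults") or m.group(1).endswith("_Alias"):
            continue
        user, cmds = m.group(1), m.group(3)
        noexec = False  # a tag applies to later commands until overridden
        for cmd in (c.strip() for c in cmds.split(",")):
            while (t := TAG.match(cmd)):
                if t.group(1) in ("NOEXEC", "EXEC"):
                    noexec = t.group(1) == "NOEXEC"
                cmd = cmd[t.end():]
            if cmd == "ALL":
                findings.append((no, user, cmd, "unrestricted command set"))
            elif cmd and os.path.basename(cmd.split()[0]) in SHELL_ESCAPE and not noexec:
                findings.append((no, user, cmd, "shell escape without NOEXEC"))
    return findings

# Constructed sample; only the first entry's form appears in the message.
SAMPLE = """\
# constructed sample entries
me    hostname = (root) /bin/cat
alice hostname = (root) /usr/bin/less
bob   hostname = (root) NOEXEC: /usr/bin/less, /usr/bin/vi
carol hostname = (root) NOEXEC: /usr/bin/less, EXEC: /usr/bin/vi /etc/hosts
dave  ALL = ALL
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

The check covers shell escapes only; it does not assess what a permitted command can read or write.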


